Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 04:58:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
6431 commits 389 branches 197 tags 279 MiB
Commit graph

3 commits

Author SHA1 Message Date
Johanna Amann
00e759b44c Intel: CERT_HASH indicator type was never checked 
Hence, when people specify data of type CERT_HASH in their intel source
files, it will never trigger an alert.
 2016-04-11 15:50:55 +02:00
Seth Hall
ee3e885712 Lots of fixes for file type identification. 
- Plain text now identified with BOMs for UTF8,16,32
   (even though 16 and 32 wouldn't get identified as plain text, oh-well)
 - X.509 certificates are now populating files.log with
   the mime type application/pkix-cert.
 - File signatures are split apart into file types
   to help group and organize signatures a bit better.
 - Normalized some FILE_ANALYSIS debug messages.
 - Improved Javascript detection.
 - Improved HTML detection.
 - Removed a bunch of bad signatures.
 - Merged a bunch of signatures that ultimately detected
   the same mime type.
 - Added detection for MS LNK files.
 - Added detection for cross-domain-policy XML files.
 - Added detection for SOAP envelopes.
 2015-03-13 22:14:44 -04:00
Johanna Amann
946f19fb9d Use our new features to send the CN and SAN fields of certificates to 
the intel framework.
 2015-03-03 17:15:24 -08:00