- Change to the default BOF buffer size to 3000 (was 1024).
- Reorganized MS signatures into a separate file
- Improved lots of the signatures and added new ones.
* origin/topic/jdopheid/BIT-1242:
Improved the log file reference documentation
Added missing log files prof, stderr, stdout
Add a test that detects changes in the list of all Bro log files
Broke down logs into grouped sections based on use & origin
Adding deatils for modbus_register_change.log
More updates to log files page: descriptions
Changing name of file
New page for List of Log files, linked to script-reference
Very nice. I've reorganized slightly more, mostly to shrink down the
"other" category: moved some of that into "Detection" and "Files" (the
latter is small, but will hopefully grow).
BIT-1242 #merged
* origin/topic/dnthayer/langref:
Minor improvements to script language reference docs
Add more script language reference documentation
Split the types and attributes reference doc into two docs
Wow, this is great!
BIT-1269 #merged
- This moves the signatures out of the libmagic imported signatures
and into our own general.sig.
- Expand the detection to LZMA compressed flash files.
* Add frame support to HookArgument, since it's a new argument to HookCallFunction
* Fix test in api-version-mismatch to remove absolute paths from output
* Update test plugin to use new HookCallFunction interface
Reorganized the log file reference documentation, improved some of the
descriptions, and corrected a typo in a log filename. Also removed
non-ascii characters that somehow got in the text.
* origin/fastpath:
new ssl extension type from iana and a few other ssl const changes.
adding a function in dnp3-analyzer.pac to translate the time stamp format
Make unexpected pipe errors fatal as precaution.
I added a lenght parameter to the DNP3 time conversion function to not
accidentally run into trouble later if there were ever any other
buffers passed in.
* origin/topic/jsiwek/improve_comm_loop:
Add a simple FD_Set wrapper/helper class.
Fix Pipe copy/assignment to make a copy of flags.
Fix possible abort on writing to a full pipe.
Remove timeouts from remote communication loop.
The intel framework can now indicate which node discovered a
hit on an intel item through the new "node" field in the
Intel::Seen data structure. On clusters, this field will
contain the name of the node where the hit was seen.
Due to the change in f1cef9d2a9, it was possible for the TCP reassembler
to deliver the same data twice because Undelivered did not take in to
account that the reassembly stream could now advance past the end of the
gap.
Addresses BIT-1259.
