Daniel Thayer
23a5f83c94
Added missing README files for documentation
These are the one-line script package descriptions.
2016-10-10 22:55:50 -05:00
Seth Hall
b55c4e61db
Tiny fix for a DCE_RPC script issue.
Fixes BIT-1688 (or at least should)
2016-10-08 10:58:11 -04:00
Robin Sommer
a87083233e
Merge remote-tracking branch 'origin/topic/jazoff/ticket-1670'
BIT-1670 #merged
* origin/topic/jazoff/ticket-1670:
Ensure that the notice uid field is filled in.
Move lookup_addr when statement
2016-09-27 11:38:08 -07:00
Justin Azoff
c74218568a
Ensure that the notice uid field is filled in.
2016-09-19 22:11:31 -04:00
Johanna Amann
077a5cbda8
Remove old ack_above_hole event from scripts.
Fixes BIT-1673
2016-08-19 07:26:34 -07:00
Justin Azoff
f9b3f739e4
Move lookup_addr when statement
Move the when statement to a function so that the connection record is
not in scope. Cloning a connection record is an expensive operation and
this avoids it.
2016-08-17 10:41:41 -04:00
Seth Hall
117b5c3ac7
Lots of SMB1 parsing fixes.
2016-08-08 15:36:07 -04:00
Seth Hall
44496922f1
Add rename and delete events for SMB2.
2016-07-28 08:55:15 -04:00
Robin Sommer
781fdfa5ba
Merge remote-tracking branch 'origin/topic/seth/smb' into topic/robin/smb-merge
2016-07-07 10:41:31 -07:00
Seth Hall
cfe3bddd75
Fixing SMB tests again.
2016-06-28 11:03:16 -04:00
Seth Hall
91161f790c
SMB test clean up and docs
2016-06-28 10:30:41 -04:00
Johanna Amann
743d4672bd
SMTP does not need to pull in the notice framework.
This caused test baseline changes in one of the tests: notice now ties in
netcontrol due to ACTION_DROP. Catch and release uses the new_connection
event, which was not before triggered and can cause uids to be generated
for connections that are not usually assigned uids in bare mode.
2016-06-23 13:22:16 -07:00
Seth Hall
56a24bdef6
Merge remote-tracking branch 'origin/master' into topic/seth/smb
# Conflicts:
# scripts/site/local.bro
2016-06-14 15:35:05 -04:00
Seth Hall
134d0922d5
Move the SMB analyzer out of the default load.
This also adds a note in the local.bro script about enabling
the SMB analyzer.
2016-06-14 15:34:00 -04:00
Jan Grashoefer
50cf694aae
Moved link-layer addresses into endpoints.
The link-layer addresses are now part of the connection endpoints
following the originator-responder-pattern. The addresses are printed
with leading zeros. Additionally link-layer addresses are also extracted
for 802.11 plus RadioTap.
2016-06-02 01:46:26 +02:00
Robin Sommer
a2423f7d43
Adding missing script file.
2016-05-30 10:58:43 -07:00
Johanna Amann
d92fd52b35
Remove measurement scripts
2015-12-14 16:06:31 -08:00
Johanna Amann
da9b5425e4
Merge remote-tracking branch 'origin/master' into topic/johanna/ocsp
2015-12-14 16:05:41 -08:00
Johanna Amann
c93a9fbebd
Log only local-originated IPs.
2015-12-08 14:55:50 -08:00
Daniel Thayer
28f4d45d33
Fix potential race condition when logging VLAN info to conn.log
Lowered priority of a connection_state_remove event handler to ensure
that the "conn" field is initialized in the connection record before
attempting to add the VLAN tags.
2015-11-05 12:14:05 -06:00
Robin Sommer
a83d97937e
Extending rexmit_inconsistency() event to receive an additional parameter with the packet's TCP flags, if available.
2015-10-26 14:16:08 -07:00
Liang Zhu
cdc812074c
fix data structure recursion
2015-08-19 11:38:34 -07:00
Liang Zhu
d45558d2a1
log the number of certs in OCSP response
2015-08-18 21:44:52 -07:00
Liang Zhu
adbc0b1eaf
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-08-05 17:15:09 -07:00
Liang Zhu
5d168792ee
deal with bug url
2015-07-28 16:20:38 -07:00
Liang Zhu
e9f028be4c
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-07-28 13:47:21 -07:00
Robin Sommer
ba10115181
Merge branch 'topic/jgras/flash-detection' of https://github.com/J-Gras/bro
Switching from using the http_all_headers() event to
http_message_done(). That delays it a bit, but is the less expensive
event.
* 'topic/jgras/flash-detection' of https://github.com/J-Gras/bro:
Updated detection of Flash and AdobeAIR.
2015-07-27 11:05:49 -07:00
Jan Grashoefer
b765c95d6e
Updated detection of Flash and AdobeAIR.
2015-07-24 14:33:53 +02:00
Robin Sommer
fb848f795d
Merge branch 'master' of https://github.com/aaronmbr/bro
* 'master' of https://github.com/aaronmbr/bro:
Copy-paste issue
Allow for logging of the VLAN data about a connection in conn.log
Save the inner vlan in the Packet object for Q-in-Q setups
2015-07-23 13:05:28 -07:00
Aaron Brown
f29dbb90a5
Allow for logging of the VLAN data about a connection in conn.log
2015-07-22 14:13:17 -04:00
Liang Zhu
cea1b62a9a
small bug fix
2015-07-21 23:38:56 -07:00
Liang Zhu
462f6608a8
log the time for server first encrypted application data
2015-07-21 14:44:33 -07:00
Liang Zhu
5f2cb840d7
add user_agent to ocsp-to-match log
2015-07-20 16:55:19 -07:00
Liang Zhu
fa654121ec
fix url parsing bug
2015-07-20 15:46:21 -07:00
Liang Zhu
4e8d15d8d1
small bug fix
2015-07-18 01:53:28 -07:00
Liang Zhu
0c3b03ac8d
log original uri and fix GET url parsing
2015-07-18 01:06:31 -07:00
Liang Zhu
6c9b49a5d7
fix a bug for ocsp-ssl-split.bro
2015-07-17 16:00:18 -07:00
Liang Zhu
cb0aa7725e
fix a few bugs for logging
2015-07-16 18:20:57 -07:00
Liang Zhu
f0c642cd25
update logging for ocsp and baseline
2015-07-15 13:31:41 -07:00
Liang Zhu
1f5a7aecbc
change log schema for ocsp-ssl-split.bro
2015-07-13 15:23:56 -07:00
Liang Zhu
9553c8aefc
separated logging for ocsp and ssl
2015-07-12 13:52:26 -07:00
Liang Zhu
406fec9ef4
potentially fix a memory problem ocsp-measurement
2015-07-09 11:56:58 -07:00
Liang Zhu
6947387522
add status_type to ocsp stapling log
2015-07-08 14:21:53 -07:00
Liang Zhu
545848d906
add parameter 'status_type' to event ssl_stapled_ocsp
2015-07-08 14:11:14 -07:00
Liang Zhu
e2c30f0005
record more timestamps for ocsp measurement
2015-07-06 17:52:13 -07:00
Liang Zhu
8844d344af
add connection in ocsp log
2015-07-02 17:46:43 -07:00
Liang Zhu
386a5b811d
add optional logging for parsed ocsp stapling message
2015-07-02 14:23:38 -07:00
Liang Zhu
2743966fcc
add a script to combine ocsp with ssl
2015-07-01 17:00:41 -07:00
Robin Sommer
190df47c4b
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Update usage output and list of cmd-line options
A small fix to ssh/geo-data.bro. ssh can now be unset for local-local or remote-remote, so make the script deal with this.
2015-05-04 09:58:57 -07:00
Vlad Grigorescu
cb91a9c101
A small fix to ssh/geo-data.bro. ssh can now be unset for local-local or remote-remote, so make the script deal with this.
2015-04-29 20:57:40 -04:00