mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00

This is based on commit 2731def9159247e6da8a3191783c89683363689c from the zeek-docs repo.
567 lines
13 KiB
ReStructuredText
:orphan:

Package: base/bif
=================

:doc:`/scripts/base/bif/const.bif.zeek`

   Declaration of various scripting-layer constants that the Zeek core uses
   internally. Documentation and default values for the scripting-layer
   variables themselves are found in :doc:`/scripts/base/init-bare.zeek`.

:doc:`/scripts/base/bif/types.bif.zeek`

   Declaration of various types that the Zeek core uses internally.

:doc:`/scripts/base/bif/zeek.bif.zeek`

   A collection of built-in functions that implement a variety of things
   such as general programming algorithms, string processing, math functions,
   introspection, type conversion, file/directory manipulation, packet
   filtering, interprocess communication and controlling protocol analyzer
   behavior.

   You'll find most of Zeek's built-in functions that aren't protocol-specific
   in this file.

:doc:`/scripts/base/bif/communityid.bif.zeek`

:doc:`/scripts/base/bif/stats.bif.zeek`

:doc:`/scripts/base/bif/reporter.bif.zeek`

   The reporter built-in functions allow for the scripting layer to
   generate messages of varying severity. If no event handlers
   exist for reporter messages, the messages are output to stderr.
   If event handlers do exist, it's assumed they take care of determining
   how/where to output the messages.

   See :doc:`/scripts/base/frameworks/reporter/main.zeek` for a convenient
   reporter message logging framework.

:doc:`/scripts/base/bif/strings.bif.zeek`

   Definitions of built-in functions related to string processing and
   manipulation.

:doc:`/scripts/base/bif/option.bif.zeek`

   Definitions of built-in functions that allow the scripting layer to
   change the value of options and to be notified when option values change.

:doc:`/scripts/base/bif/supervisor.bif.zeek`

   The BIFs that define the Zeek supervisor control interface.

:doc:`/scripts/base/bif/packet_analysis.bif.zeek`

:doc:`/scripts/base/bif/CPP-load.bif.zeek`

   Definitions of built-in functions related to loading compiled-to-C++
   scripts.

:doc:`/scripts/base/bif/mmdb.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SNMP.types.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_KRB.types.bif.zeek`

:doc:`/scripts/base/bif/telemetry_functions.bif.zeek`

   Functions for accessing counter metrics from script land.

:doc:`/scripts/base/bif/telemetry_types.bif.zeek`

:doc:`/scripts/base/bif/event.bif.zeek`

   The protocol-independent events that the C/C++ core of Zeek can generate.

   These are mostly events not related to a specific transport- or
   application-layer protocol, but the file also includes a few that may be
   generated by more than one protocol analyzer (like events generated by
   both UDP and TCP analysis).

:doc:`/scripts/base/bif/analyzer.bif.zeek`

   Internal functions and types used by the analyzer framework.

:doc:`/scripts/base/bif/file_analysis.bif.zeek`

   Internal functions and types used by the file analysis framework.

:doc:`/scripts/base/bif/plugins/Zeek_Teredo.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_Teredo.functions.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_GTPv1.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_GTPv1.functions.bif.zeek`

:doc:`/scripts/base/bif/logging.bif.zeek`

   Internal functions and types used by the logging framework.

:doc:`/scripts/base/bif/comm.bif.zeek`

   Functions and events regarding broker communication mechanisms.

:doc:`/scripts/base/bif/messaging.bif.zeek`

   Functions for peering and various messaging patterns.

:doc:`/scripts/base/bif/data.bif.zeek`

   Functions for inspecting and manipulating broker data.

:doc:`/scripts/base/bif/store.bif.zeek`

   Functions to interface with broker's distributed data store.

:doc:`/scripts/base/bif/input.bif.zeek`

   Internal functions and types used by the input framework.

:doc:`/scripts/base/bif/cluster.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_Cluster_WebSocket.events.bif.zeek`

:doc:`/scripts/base/bif/__load__.zeek`

:doc:`/scripts/base/bif/telemetry_consts.bif.zeek`

:doc:`/scripts/base/bif/zeekygen.bif.zeek`

   Functions for querying script, package, or variable documentation.

:doc:`/scripts/base/bif/pcap.bif.zeek`

:doc:`/scripts/base/bif/bloom-filter.bif.zeek`

   Functions to create and manipulate Bloom filters.

:doc:`/scripts/base/bif/cardinality-counter.bif.zeek`

   Functions to create and manipulate probabilistic cardinality counters.

:doc:`/scripts/base/bif/top-k.bif.zeek`

   Functions to probabilistically determine top-k elements.

:doc:`/scripts/base/bif/storage.bif.zeek`

   Functions related to general storage operations. These are not specific to async or sync.

:doc:`/scripts/base/bif/storage-async.bif.zeek`

   Functions related to asynchronous storage operations.

:doc:`/scripts/base/bif/storage-events.bif.zeek`

   Events related to storage operations.

:doc:`/scripts/base/bif/storage-sync.bif.zeek`

   Functions related to synchronous storage operations.

:doc:`/scripts/base/bif/spicy.bif.zeek`

:doc:`/scripts/base/bif/plugins/__load__.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_BitTorrent.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_ConnSize.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_ConnSize.functions.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_DCE_RPC.consts.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_DCE_RPC.types.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_DCE_RPC.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_DHCP.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_DHCP.types.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_DNP3.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_DNS.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_File.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_FTP.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_FTP.functions.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_Gnutella.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_GSSAPI.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_HTTP.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_HTTP.functions.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_Ident.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_IMAP.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_IRC.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_KRB.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_Login.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_Login.functions.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_MIME.consts.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_MIME.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_Modbus.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_MQTT.types.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_MQTT.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_MySQL.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_NCP.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_NCP.consts.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_NetBIOS.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_NetBIOS.functions.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_NTLM.types.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_NTLM.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_NTP.types.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_NTP.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_POP3.consts.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_POP3.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_RADIUS.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_RDP.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_RDP.types.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_RFB.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_RPC.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SIP.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_com_check_directory.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_com_close.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_com_create_directory.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_com_echo.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_com_logoff_andx.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_com_negotiate.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_com_nt_cancel.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_com_query_information.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_com_read_andx.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_com_transaction.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_com_transaction2.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_com_write_andx.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb1_events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb2_com_close.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb2_com_create.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb2_com_negotiate.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb2_com_read.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb2_com_session_setup.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb2_com_set_info.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb2_com_tree_connect.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb2_com_write.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb2_com_transform_header.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.smb2_events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.consts.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMB.types.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMTP.consts.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMTP.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SMTP.functions.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SNMP.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SOCKS.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SSH.types.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SSH.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SSL.types.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SSL.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SSL.functions.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SSL.consts.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_StreamEvent.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_TCP.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_TCP.types.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_TCP.functions.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_WebSocket.consts.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_WebSocket.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_WebSocket.functions.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_WebSocket.types.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_XMPP.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_Cluster_Backend_ZeroMQ.cluster_backend_zeromq.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_PPPoE.functions.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_ARP.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_UDP.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_ICMP.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_Geneve.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_Geneve.functions.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_VXLAN.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_FileEntropy.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_FileExtract.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_FileExtract.functions.bif.zeek`

   Internal functions used by the extraction file analyzer.

:doc:`/scripts/base/bif/plugins/Zeek_FileHash.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_PE.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_X509.events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_X509.types.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_X509.functions.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_X509.ocsp_events.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_AsciiReader.ascii.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_BenchmarkReader.benchmark.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_BinaryReader.binary.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_ConfigReader.config.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_RawReader.raw.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SQLiteReader.sqlite.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_AF_Packet.af_packet.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_AsciiWriter.ascii.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_NoneWriter.none.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_SQLiteWriter.sqlite.bif.zeek`

:doc:`/scripts/base/bif/plugins/Zeek_JavaScript.zeekjs.bif.zeek`