mirror of
https://github.com/zeek/zeek.git
synced 2025-10-06 08:38:20 +00:00

This is based on commit 2731def9159247e6da8a3191783c89683363689c from the zeek-docs repo.
93 lines
4 KiB
ReStructuredText
:tocdepth: 3

policy/integration/collective-intel/main.zeek
=============================================
.. zeek:namespace:: Intel

:Namespace: Intel
:Imports: :doc:`base/frameworks/intel </scripts/base/frameworks/intel/index>`

Summary
~~~~~~~
Types
#####
============================================ ========================================================
:zeek:type:`Intel::CIF`: :zeek:type:`record` CIF record used for consistent formatting of CIF values.
============================================ ========================================================

Redefinitions
#############
================================================= ====================================================================================
:zeek:type:`Intel::Info`: :zeek:type:`record`
                                                  :New Fields: :zeek:type:`Intel::Info`

                                                    cif: :zeek:type:`Intel::CIF` :zeek:attr:`&log` :zeek:attr:`&optional`
:zeek:type:`Intel::MetaData`: :zeek:type:`record` This file adds mapping between the Collective Intelligence Framework (CIF) and Zeek.

                                                  :New Fields: :zeek:type:`Intel::MetaData`

                                                    cif_tags: :zeek:type:`string` :zeek:attr:`&optional`
                                                      Maps to the 'tags' field in CIF

                                                    cif_confidence: :zeek:type:`double` :zeek:attr:`&optional`
                                                      Maps to the 'confidence' field in CIF

                                                    cif_source: :zeek:type:`string` :zeek:attr:`&optional`
                                                      Maps to the 'source' field in CIF

                                                    cif_description: :zeek:type:`string` :zeek:attr:`&optional`
                                                      Maps to the 'description' field in CIF

                                                    cif_firstseen: :zeek:type:`string` :zeek:attr:`&optional`
                                                      Maps to the 'firstseen' field in CIF

                                                    cif_lastseen: :zeek:type:`string` :zeek:attr:`&optional`
                                                      Maps to the 'lastseen' field in CIF
================================================= ====================================================================================


Detailed Interface
~~~~~~~~~~~~~~~~~~
Types
#####
.. zeek:type:: Intel::CIF

   :source-code: policy/integration/collective-intel/main.zeek 24 37

   :Type: :zeek:type:`record`

   .. zeek:field:: tags :zeek:type:`string` :zeek:attr:`&optional` :zeek:attr:`&log`

      CIF tags of the observation; example tags are ``botnet`` or ``exploit``.

   .. zeek:field:: confidence :zeek:type:`double` :zeek:attr:`&optional` :zeek:attr:`&log`

      In CIF, confidence gives the degree of certainty of a given observation.

   .. zeek:field:: source :zeek:type:`string` :zeek:attr:`&optional` :zeek:attr:`&log`

      Source given in CIF.

   .. zeek:field:: description :zeek:type:`string` :zeek:attr:`&optional` :zeek:attr:`&log`

      Description given in CIF.

   .. zeek:field:: firstseen :zeek:type:`string` :zeek:attr:`&optional` :zeek:attr:`&log`

      First time the source observed the behavior.

   .. zeek:field:: lastseen :zeek:type:`string` :zeek:attr:`&optional` :zeek:attr:`&log`

      Last time the source observed the behavior.

   CIF record used for consistent formatting of CIF values.
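The following script is an added example, not part of the Zeek distribution or of this documentation page. It shows how the ``cif_*`` metadata fields that this script adds to :zeek:type:`Intel::MetaData` are populated for an indicator, and how the resulting :zeek:type:`Intel::CIF` record surfaces on :zeek:type:`Intel::Info` when the indicator matches. The indicator ``192.0.2.10`` (a documentation address), the feed name ``example-cif-feed`` and all timestamps and tag values are constructed for the example; ``Intel::insert``, ``Intel::seen`` and the ``Intel::log_intel`` event are existing intel-framework APIs.

```zeek
@load base/frameworks/intel
@load policy/integration/collective-intel

event zeek_init()
	{
	# Constructed indicator carrying CIF metadata. In production the same
	# values usually arrive through Intel::read_files as meta.cif_tags,
	# meta.cif_confidence, ... columns of a tab-separated intel file.
	local item: Intel::Item = [
		$indicator = "192.0.2.10",
		$indicator_type = Intel::ADDR,
		$meta = [
			$source = "example-cif-feed",
			$desc = "constructed test indicator",
			$cif_tags = "scanner",
			$cif_confidence = 85.0,
			$cif_source = "example-cif-feed",
			$cif_description = "constructed test indicator",
			$cif_firstseen = "2024-01-01T00:00:00Z",
			$cif_lastseen = "2024-01-02T00:00:00Z"
		]
	];
	Intel::insert(item);

	# Report a sighting of the constructed indicator so that a match is
	# produced (in standalone mode the insert above takes effect immediately).
	Intel::seen([$host = 192.0.2.10, $where = Intel::IN_ANYWHERE]);
	}

# Every intel.log entry raises Intel::log_intel. With the collective-intel
# policy loaded, the entry carries the optional Intel::CIF record that the
# policy fills from the cif_* metadata of the matching item(s).
event Intel::log_intel(rec: Intel::Info)
	{
	if ( ! rec?$cif )
		return;

	local indicator = rec$seen?$indicator ? rec$seen$indicator : "<unknown>";
	local conf = rec$cif?$confidence ? fmt("%.0f", rec$cif$confidence) : "n/a";
	local tags = rec$cif?$tags ? rec$cif$tags : "n/a";

	print fmt("intel hit on %s: cif.tags=%s cif.confidence=%s", indicator, tags, conf);
	}
```

Run with ``zeek -C <script>`` on an empty or unrelated pcap; the ``cif.tags``, ``cif.confidence`` and other ``cif.*`` columns then appear in ``intel.log`` alongside the standard intel fields, which is where downstream detection rules can threshold on CIF confidence rather than treating every feed entry as equally trustworthy.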