zeek/scripts/base/protocols
Jon Siwek 35827eeb31 Add rate-limiting sampling mechanism for weird events
The generation of weird events, by default, is now rate-limited
according to these tunable options:

  - Weird::sampling_whitelist
  - Weird::sampling_threshold
  - Weird::sampling_rate
  - Weird::sampling_duration

The new get_reporter_stats() BIF also allows one to query the
total number of weirds generated (pre-sampling), which the new
policy/misc/weird-stats.bro script uses periodically to populate
a weird_stats.log.

There are also new reporter BIFs to allow generating weirds from the
script-layer such that they go through the same internal
rate-limiting/sampling mechanisms:

  - Reporter::conn_weird
  - Reporter::flow_weird
  - Reporter::net_weird

Some of the code was adapted from previous work by Johanna Amann.
2018-07-26 19:57:36 -05:00
conn Correct conn history field documentation 2018-06-08 10:43:32 -05:00
dce-rpc Update consts.bro 2018-04-25 16:25:34 +01:00
dhcp Merge topic/actor-system through a squashed commit. 2018-05-18 22:39:23 +00:00
dnp3 Allow logging filters to inherit default path from stream. 2015-03-19 14:49:55 -05:00
dns Remove some DNS weirds that caused volume and didn't help anyone. 2017-12-13 15:00:15 -05:00
ftp Merge remote-tracking branch 'origin/topic/jazoff/fix-gridftp' 2017-09-21 09:15:57 -07:00
http Add rate-limiting sampling mechanism for weird events 2018-07-26 19:57:36 -05:00
imap Basic IMAP StartTLS analyzer. 2015-07-22 10:35:49 -07:00
irc Merge topic/actor-system through a squashed commit. 2018-05-18 22:39:23 +00:00
krb Merge remote-tracking branch 'origin/master' into topic/johanna/ocsp-new 2017-03-16 12:28:08 -07:00
modbus Allow logging filters to inherit default path from stream. 2015-03-19 14:49:55 -05:00
mysql Add missing documentation on the "Bro Package Index" page 2015-06-02 10:00:00 -05:00
ntlm Added missing README files for documentation 2016-10-10 22:55:50 -05:00
pop3 Add README files for base/protocols 2013-10-17 12:47:32 -05:00
radius Rework the RADIUS base script. 2017-02-20 00:07:14 -05:00
rdp Allow File analyzers to directly pass mime type. 2017-02-10 17:03:33 -08:00
rfb Fix minor typos in documentation of various scripts 2016-11-11 14:08:17 -06:00
sip Add rate-limiting sampling mechanism for weird events 2018-07-26 19:57:36 -05:00
smb Removed a few more discovered UTF-8 characters in Bro scripts. 2018-06-02 04:57:48 -04:00
smtp SMTP does not need to pull in the notice framework. 2016-06-23 13:22:16 -07:00
snmp Allow logging filters to inherit default path from stream. 2015-03-19 14:49:55 -05:00
socks Merge remote-tracking branch 'origin/topic/johanna/socks-password' 2017-12-02 09:53:56 -06:00
ssh Addresses BIT-1831 2017-08-01 16:24:44 -04:00
ssl Add rate-limiting sampling mechanism for weird events 2018-07-26 19:57:36 -05:00
syslog Add some missing Bro script documentation 2016-05-05 16:35:31 -05:00
tunnels Added missing README files for documentation 2016-10-10 22:55:50 -05:00
xmpp Add xmpp dpd sig and fix a few parsing problems for connections that do 2015-07-21 13:20:35 -07:00