zeek/scripts/base/protocols/http
Jon Siwek 35827eeb31 Add rate-limiting sampling mechanism for weird events
The generation of weird events, by default, is now rate-limited
according to these tunable options:

  - Weird::sampling_whitelist
  - Weird::sampling_threshold
  - Weird::sampling_rate
  - Weird::sampling_duration

The new get_reporter_stats() BIF also allows one to query the
total number of weirds generated (pre-sampling) which the new
policy/misc/weird-stats.bro script uses periodically to populate
a weird_stats.log.

There are also new reporter BIFs to allow generating weirds from the
script-layer such that they go through the same, internal
rate-limiting/sampling mechanisms:

  - Reporter::conn_weird
  - Reporter::flow_weird
  - Reporter::net_weird

Some of the code was adapted from previous work by Johanna Amann.
2018-07-26 19:57:36 -05:00
__load__.bro Integrate new Broxygen functionality into Sphinx. 2013-11-21 14:34:32 -06:00
dpd.sig Merge branch 'topic/robin/http-connect' 2014-03-03 16:53:46 -08:00
entities.bro Fix minor typos in documentation of various scripts 2016-11-11 14:08:17 -06:00
files.bro Fixes for file type identification. 2015-04-20 09:34:09 -04:00
main.bro Add rate-limiting sampling mechanism for weird events 2018-07-26 19:57:36 -05:00
README Add README files for base/protocols 2013-10-17 12:47:32 -05:00
utils.bro Deprecate split* family of BIFs. 2015-01-21 15:34:42 -06:00

Support for Hypertext Transfer Protocol (HTTP) analysis.