zeek/scripts/base/protocols/ssl
Jon Siwek 35827eeb31 Add rate-limiting sampling mechanism for weird events
The generation of weird events, by default, is now rate-limited
according to these tunable options:

  - Weird::sampling_whitelist
  - Weird::sampling_threshold
  - Weird::sampling_rate
  - Weird::sampling_duration

The new get_reporter_stats() BIF also allows one to query the
total number of weirds generated (pre-sampling) which the new
policy/misc/weird-stats.bro script uses periodically to populate
a weird_stats.log.

There are also new reporter BIFs to allow generating weirds from the
script-layer such that they go through the same, internal
rate-limiting/sampling mechanisms:

  - Reporter::conn_weird
  - Reporter::flow_weird
  - Reporter::net_weird

Some of the code was adapted from previous work by Johanna Amann.
2018-07-26 19:57:36 -05:00
__load__.bro Add CT log information to Bro 2017-03-16 13:50:32 -07:00
consts.bro Add non-standard experimental Google post-quantum ciphers 2018-05-17 15:54:48 -07:00
ct-list.bro Update list of Certificate Transparency logs. 2018-02-16 10:44:29 -08:00
dpd.sig SSL: update dpd signature for TLS1.3 2017-04-05 08:58:08 -07:00
files.bro SCT: Fix script error when mime type of file unknown. 2017-05-14 19:53:22 -07:00
main.bro Add rate-limiting sampling mechanism for weird events 2018-07-26 19:57:36 -05:00
mozilla-ca-list.bro Update Mozilla CA list to state of NSS 3.35. 2018-02-16 10:53:51 -08:00
README SSL: Update OCSP/SCT scripts and documentation. 2017-07-27 16:22:40 -07:00

Support for Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol analysis.