Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-12 03:28:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/doc/scripts/policy/frameworks/software/vulnerable.zeek.rst
Tim Wojtulewicz ded98cd373 Copy docs into Zeek repo directly 
This is based on commit 2731def9159247e6da8a3191783c89683363689c from the
zeek-docs repo.
2025-09-26 02:58:29 +00:00

111 lines
4.7 KiB
ReStructuredText
Raw Blame History

:tocdepth: 3
policy/frameworks/software/vulnerable.zeek
==========================================
.. zeek:namespace:: Software
Provides a variable to define vulnerable versions of software and if
a version of that software is as old or older than the defined version a
notice will be generated.
:Namespace: Software
:Imports: :doc:`base/frameworks/control </scripts/base/frameworks/control/index>`, :doc:`base/frameworks/notice </scripts/base/frameworks/notice/index>`, :doc:`base/frameworks/software </scripts/base/frameworks/software/index>`
Summary
~~~~~~~
Runtime Options
###############
=================================================================================================== =============================================================
:zeek:id:`Software::vulnerable_versions_update_endpoint`: :zeek:type:`string` :zeek:attr:`&redef` The DNS zone where runtime vulnerable software updates will
be loaded from.
:zeek:id:`Software::vulnerable_versions_update_interval`: :zeek:type:`interval` :zeek:attr:`&redef` The interval at which vulnerable versions should grab updates
over DNS.
=================================================================================================== =============================================================
Redefinable Options
###################
================================================================================ ===============================================================
:zeek:id:`Software::vulnerable_versions`: :zeek:type:`table` :zeek:attr:`&redef` This is a table of software versions indexed by the name of the
software and a set of version ranges that are declared to be
vulnerable for that software.
================================================================================ ===============================================================
Types
#####
================================================================== =
:zeek:type:`Software::VulnerableVersionRange`: :zeek:type:`record`
================================================================== =
Redefinitions
#############
============================================ ===============================================================
:zeek:type:`Notice::Type`: :zeek:type:`enum`
* :zeek:enum:`Software::Vulnerable_Version`:
Indicates that a vulnerable version of software was detected.
============================================ ===============================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Runtime Options
###############
.. zeek:id:: Software::vulnerable_versions_update_endpoint
:source-code: policy/frameworks/software/vulnerable.zeek 32 32
:Type: :zeek:type:`string`
:Attributes: :zeek:attr:`&redef`
:Default: ``""``
The DNS zone where runtime vulnerable software updates will
be loaded from.
.. zeek:id:: Software::vulnerable_versions_update_interval
:source-code: policy/frameworks/software/vulnerable.zeek 36 36
:Type: :zeek:type:`interval`
:Attributes: :zeek:attr:`&redef`
:Default: ``1.0 hr``
The interval at which vulnerable versions should grab updates
over DNS.
Redefinable Options
###################
.. zeek:id:: Software::vulnerable_versions
:source-code: policy/frameworks/software/vulnerable.zeek 41 41
:Type: :zeek:type:`table` [:zeek:type:`string`] of :zeek:type:`set` [:zeek:type:`Software::VulnerableVersionRange`]
:Attributes: :zeek:attr:`&redef`
:Default: ``{}``
This is a table of software versions indexed by the name of the
software and a set of version ranges that are declared to be
vulnerable for that software.
Types
#####
.. zeek:type:: Software::VulnerableVersionRange
:source-code: policy/frameworks/software/vulnerable.zeek 17 28
:Type: :zeek:type:`record`
.. zeek:field:: min :zeek:type:`Software::Version` :zeek:attr:`&optional`
The minimal version of a vulnerable version range. This
field can be undefined if all previous versions of a piece
of software are vulnerable.
.. zeek:field:: max :zeek:type:`Software::Version`
The maximum vulnerable version. This field is deliberately
not optional because a maximum vulnerable version must
always be defined. This assumption may become incorrect
if all future versions of some software are to be considered
vulnerable. :)
Reference in a new issue View git blame Copy permalink