Johanna Amann e58b03a43f Add policy script suppressing certificate events ... The added disable-certificate-events-known-certs.zeek disables repeated X509 events in SSL connections, given that the connection terminates at the same server and used the samt SNI as a previously seen connection with the same certificate. For people that see significant amounts of TLS 1.2 traffic, this could reduce the amount of raised events significantly - especially when a lot of connections are repeat connections to the same servers. The practical impact of not raising these events is actually very little - unless a script directly interacts with the x509 events, everything works as before - the x509 variables in the connection records are still being set (from the cache).		2021-06-29 11:39:18 +01:00
..
files	Add policy script suppressing certificate events	2021-06-29 11:39:18 +01:00
frameworks	Change SSL and X.509 logging format	2021-06-29 09:26:43 +01:00
integration	Support for log filter policy hooks	2020-09-30 12:32:45 -07:00
misc	Move UnknownProtocol options to init-bare.zeek	2020-11-11 12:58:38 -08:00
protocols	Add new ssl-log-ext policy script	2021-06-29 09:45:25 +01:00
tuning	Merge remote-tracking branch 'origin/topic/seth/zeek_init'	2019-04-19 11:24:29 -07:00