mirror of
https://github.com/zeek/zeek.git
synced 2025-10-05 16:18:19 +00:00
8ce746cc25
* origin/topic/vladg/bit-1641: Logic fix for ssh/main.bro when the auth status is indeterminate, and fix a test. Addresses BIT-1641. Clean up the logic for ssh_auth_failed. Addresses BIT-1641 Update baselines for adding a field to ssh.log as part of BIT-1641 Script-land changes for BIT-1641. Change SSH.cc to use ssh_auth_attempted instead of ssh_auth_failed. Addresses BIT-1641. Revert "Fixing duplicate SSH authentication failure events." Create new SSH events ssh_auth_attempt and ssh_auth_result. Add auth_attempts to SSH::Info. Address BIT-1641. I extended the tests a bit and did some small cleanups. I also moved the SSH events back to the global namespace for backwards compatibility and for consistency (the way it was at the moment, some of them were global some SSH::). Furthermore, I fixed the ssh_auth_result result event, it was only raised in the success case. ssh_auth_result is now also checked in the testcases. I also have a suspicion that the intel integration never really worked before. BIT-1641 #merged |
||
|---|---|---|
| .. | ||
| conn | ||
| dce-rpc | ||
| dhcp | ||
| dnp3 | ||
| dns | ||
| ftp | ||
| http | ||
| imap | ||
| irc | ||
| krb | ||
| modbus | ||
| mysql | ||
| ntlm | ||
| pop3 | ||
| radius | ||
| rdp | ||
| rfb | ||
| sip | ||
| smb | ||
| smtp | ||
| snmp | ||
| socks | ||
| ssh | ||
| ssl | ||
| syslog | ||
| tunnels | ||
| xmpp | ||