zeek/testing/btest/bifs
Christian Kreibich 99de7b7526 Add community_id_v1() based on corelight/zeek-community-id
"Community ID" has become an established flow hash for connection correlation
across different monitoring and storage systems. Other NSMs have had native
and built-in support for Community ID since late 2018. And even though the
roots of "Community ID" are very close to Zeek, Zeek itself has never provided
out-of-the-box support and instead required users to install an external plugin.

While we try to make that installation as easy as possible, an external plugin
always sets the bar higher for an initial setup and can be intimidating.
It also requires a rebuild operation of the plugin during upgrades. Nothing
overly complicated, but somewhat unnecessary for such popular functionality.

This isn't a 1:1 import. The options are parameters and the "verbose"
functionality has been removed. Further, instead of a `connection`
record, the new bif works with `conn_id`, allowing computation of the
hash with little effort on the command line:

    $ zeek -e 'print community_id_v1([$orig_h=1.2.3.4, $orig_p=1024/tcp, $resp_h=5.6.7.8, $resp_p=80/tcp])'
    1:RcCrCS5fwYUeIzgDDx64EN3+okU

Reference: https://github.com/corelight/zeek-community-id/
2023-04-21 20:44:09 +02:00
community_id Add community_id_v1() based on corelight/zeek-community-id 2023-04-21 20:44:09 +02:00
addr_count_conversion.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
addr_to_ptr_name.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
addr_version.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
all_set.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
analyzer_name.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
any_set.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
backtrace.zeek Add backtrace() and print_backtrace() 2020-07-03 14:09:31 -07:00
bare_mode.zeek Add bare_mode bif. 2022-05-16 09:07:11 +02:00
bloomfilter-seed.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
bloomfilter.zeek Add intersect operation for bloom filters 2022-01-20 13:34:07 +00:00
bytestring_to_count.zeek Support other byte lengths in bytestring_to_count 2022-08-17 15:45:30 -07:00
bytestring_to_double.zeek GH-696: Add bytestring_to_float BIF 2022-07-13 10:44:24 -07:00
bytestring_to_float.zeek GH-696: Add bytestring_to_float BIF 2022-07-13 10:44:24 -07:00
bytestring_to_hexstr.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
cat.zeek cat_sep: Make fully vararg and do explicit runtime type checks 2022-10-27 13:06:06 +02:00
cat_sep_errors.zeek cat_sep: Make fully vararg and do explicit runtime type checks 2022-10-27 13:06:06 +02:00
check_subnet.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
clear_table.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
clear_table_expire_func.zeek Fix using clear_table() within an &expire_func 2021-04-26 22:49:44 -07:00
compress_path.zeek GH-1041: Move compress_path to a bif that uses normalize_path 2020-07-06 11:43:44 -07:00
convert_for_pattern.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
count_to_addr.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
create_file.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
current_analyzer.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
current_time.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
decode_base64.zeek Spelling testing 2022-11-16 20:05:03 -05:00
decode_base64_conn.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
decode_base64_errors.zeek btest/decode_base_errors: Avoid binary output in baseline 2023-02-02 18:49:00 +01:00
directory_operations.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
disable_analyzer-early.zeek Add analyzer_confirmation and analyzer_violation events 2021-11-23 19:36:50 -07:00
disable_analyzer-hook-module.zeek analyzer: Move disabling_analyzer() hook into Analyzer module 2023-01-23 12:22:05 +01:00
disable_analyzer-hook.zeek analyzer: Move disabling_analyzer() hook into Analyzer module 2023-01-23 12:22:05 +01:00
disable_analyzer-tcp-packet-children.zeek GH-532: improve disable_analyzer BIF 2019-08-09 20:03:26 -07:00
disable_analyzer.zeek Add analyzer_confirmation and analyzer_violation events 2021-11-23 19:36:50 -07:00
do_find_str.zeek Merge branch 'topic/AbdelSaTd/case-insensitive-find' 2021-11-10 11:33:47 +00:00
dump_current_packet.zeek GH-693: use pcap_dump_open_append where supported 2021-11-02 17:09:39 -07:00
edit.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
enable_raw_output.test Additional use of btest-diff --binary 2020-12-06 20:19:52 -08:00
encode_base64.zeek Spelling testing 2022-11-16 20:05:03 -05:00
entropy_test.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
enum_names.zeek enum_names: Support naming types with a string 2022-10-21 20:09:48 +02:00
enum_to_int.zeek Add test to ensure enum_to_int's return values are ordered 2022-04-11 13:10:36 -04:00
escape_string.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
event-handler-stats.zeek Minor renaming changes to event handler stats bif, plus a test 2022-11-14 09:13:31 -07:00
exit.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
file_mode.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
filter_subnet_table.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
find_all.zeek Add max_size argument for find_all/find_all_ordered BIFs 2023-02-21 12:27:54 -07:00
find_all_ordered.zeek Add max_size argument for find_all/find_all_ordered BIFs 2023-02-21 12:27:54 -07:00
find_entropy.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
find_last.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
fmt.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
fmt_ftp_port.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
footprint.zeek GH-2103: Disable leak detection for bifs.footprint in another way 2022-05-13 16:26:41 -07:00
get_current_packet_header.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
get_dns_stats.test get_dns_stats: Expose total cache size and cached text entries 2023-03-10 09:22:45 +01:00
get_matcher_stats.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
get_port_transport_proto.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
gethostname.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
getpid.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
getsetenv.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
global_ids.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
haversine_distance.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
hexdump.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
hexstr_to_bytestring.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
hll_cardinality.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
hll_cluster.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
hll_large_estimate.zeek Rename all BRO-prefixed environment variables 2019-05-22 00:12:31 -05:00
identify_data.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
install_src_addr_filter.test General btest cleanup 2020-08-11 11:26:22 -07:00
is_ascii.zeek Expand testcases around is_num(), is_alpha(), is_alnum(), is_ascii() BiFs 2022-02-28 13:09:32 -08:00
is_local_interface.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
is_port.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
join_string.zeek strings: Implement join_string_set() as bif 2022-09-20 23:07:26 +02:00
levenshtein_distance.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
lookup_ID.zeek Fix lookup_ID() BIF to return enum values 2020-11-06 15:37:54 -08:00
lowerupper.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
lstrip.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
mask_addr.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
matching_subnets.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
math.zeek Add pow function 2022-07-14 22:13:34 +08:00
md5.test GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
net_stats_trace.test General btest cleanup 2020-08-11 11:26:22 -07:00
netbios-functions.zeek netbios_decode: use unsigned char for result 2023-02-02 15:48:58 +01:00
order.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
packet_sources.zeek Only allow a single trace file (-r) or interface (-i) option on the command-line 2020-01-31 09:34:54 -07:00
parse_ftp.zeek bifs/parse_eftp: Prevent reporter warnings/errors on invalid input 2023-01-16 15:20:02 +01:00
piped_exec.zeek tweak btest so it's recognized as a candidate for C++ compilation testing 2022-09-16 16:49:55 -07:00
print_raw.zeek Add new BIF: print_raw() 2019-10-02 15:21:24 -07:00
ptr_name_to_addr.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
rand.zeek GH-1076: Fix bro_srandom() to replace 0 seeds with 1 2020-07-22 14:01:33 -07:00
raw_bytes_to_v4_addr.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
raw_bytes_to_v6_addr.zeek Add tests for raw_bytes_to_v6_addr 2022-03-08 17:50:26 -05:00
reading_traces.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
record_type_to_vector.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
records_fields.zeek bifs/record_fields: Include actual enum name in type_name 2022-10-26 20:21:20 +02:00
remask_addr.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
resize.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
reverse.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
rotate_file.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
rotate_file_by_name.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
routing0_data_to_addrs.test GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
rstrip.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
safe_shell_quote.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
same_object.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
sha1.test GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
sha256.test GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
sort.zeek test suite updates for expanded sort() BiF semantics (bools, doubles) 2021-02-25 17:13:50 -08:00
split_string.zeek Remove some deprecated methods/events from bif files 2021-01-27 10:52:40 -07:00
strcmp.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
strftime.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
string_fill.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
string_to_pattern.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
string_utils.zeek Add type checking to string_cat arguments 2022-08-29 08:45:59 -07:00
string_utils_errors.zeek Add type checking to string_cat arguments 2022-08-29 08:45:59 -07:00
strip.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
strptime.zeek Separate stdout from stderr in btest baselines 2021-03-30 16:23:23 -07:00
strstr.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
sub.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
subnet_to_addr.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
subnet_version.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
subst_string.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
system.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
system_env.zeek Rename all BRO-prefixed environment variables 2019-05-22 00:12:31 -05:00
table_keys.zeek Add more test cases 2022-08-11 13:35:27 +08:00
table_values.zeek update test suite to avoid GH-2385 problems, including incorrect typing 2022-12-04 17:56:30 -08:00
to_addr.zeek Improve error messages from to_addr and to_subnet BIFs 2019-08-01 10:49:03 -07:00
to_count.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
to_double.zeek Add count_to_double and int_to_double bif functions 2020-12-01 16:35:49 -05:00
to_double_from_string.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
to_int.zeek GH-1860: Add double_to_int() bif 2021-12-13 10:46:14 -07:00
to_interval.zeek GH-985: Fix descriptions of double_to_interval() return values 2020-06-02 16:47:11 -07:00
to_port.zeek bifs/to_port: Avoid ASAN errors when calling to_port("") 2022-08-31 17:15:50 +02:00
to_subnet.zeek Improve error messages from to_addr and to_subnet BIFs 2019-08-01 10:49:03 -07:00
to_time.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
topk.zeek updates to test suite tests for compatibility with upcoming ZAM functionality 2021-06-01 09:25:30 -07:00
type_aliases.zeek Add type_aliases() BIF for introspecting type-names of types/values 2020-11-06 17:18:44 -08:00
type_name.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
unique_id-pools.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
unique_id-rnd.zeek Rename all BRO-prefixed environment variables 2019-05-22 00:12:31 -05:00
unique_id.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
uuid_to_string.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
x509_check_hostname.zeek Add ability to check if hostname is valid for a specific cert 2021-06-29 15:00:48 +01:00
x509_parse_dn.zeek SSL/TLS: Parse CertificateRequest message 2023-03-09 09:12:29 +01:00
x509_verify.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
zeek_args.zeek GH-700: add zeek_args() BIF 2019-11-28 10:24:48 -08:00
zeek_version.zeek Deprecate functions with "bro" in them. 2019-06-05 16:18:57 -07:00