Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/scripts/base
History
Seth Hall bbedb73a45 Huge updates to the RDP analyzer from Josh Liburdi. 
- More data pulled into scriptland.
  - Logs expanded with client screen resolution and desired color depth.
  - Values in UTF-16 on the wire are converted to UTF-8 before being
    sent to scriptland.
  - If the RDP turns into SSL records, we now pass data that appears
    to be SSL to the PIA analyzer.
  - If RDP uses native encryption with X.509 certs we pass those
    certs to the files framework and the base scripts pass them forward
    to the X.509 analyzer.
  - Lots of cleanup and adjustment to fit the documented protocol
    a bit better.
  - Cleaned up the DPD signatures.
  - Moved to flowunit instead of datagram.
  - Added tests.
2015-03-04 13:12:03 -05:00
..
files Deprecate split* family of BIFs. 2015-01-21 15:34:42 -06:00
frameworks Fixing analyzer tag types for some Files::* functions. 2015-02-08 18:23:22 -08:00
misc Add script to detect filtered TCP traces, addresses BIT-1119. 2014-01-31 17:04:58 -06:00
protocols Huge updates to the RDP analyzer from Josh Liburdi. 2015-03-04 13:12:03 -05:00
utils Deprecate split* family of BIFs. 2015-01-21 15:34:42 -06:00
init-bare.bro Huge updates to the RDP analyzer from Josh Liburdi. 2015-03-04 13:12:03 -05:00
init-default.bro Update init-default.bro 2015-02-14 13:31:23 -08:00