mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
bc8fd5a4c6
Introduce two new events for analyzer confirmation and analyzer violation reporting. The current analyzer_confirmation and analyzer_violation events assume connection objects and analyzer ids are available which is not always the case. We're already passing aid=0 for packet analyzers and there's not currently a way to report violations from file analyzers using analyzer_violation, for example. These new events use an extensible Info record approach so that additional (optional) information can be added later without changing the signature. It would allow for per analyzer extensions to the info records to pass analyzer specific info to script land. It's not clear that this would be a good idea, however. The previous analyzer_confirmation and analyzer_violation events continue to exist, but are deprecated and will be removed with Zeek 6.1. |
||
|---|---|---|
| .. | ||
| analyzer | ||
| broker | ||
| cluster | ||
| config | ||
| control | ||
| dpd | ||
| files | ||
| input | ||
| intel | ||
| logging | ||
| netcontrol | ||
| notice | ||
| openflow | ||
| packet-filter | ||
| reporter | ||
| signatures | ||
| software | ||
| sumstats | ||
| supervisor | ||
| telemetry | ||
| tunnels | ||