zeek/scripts/base/protocols
Arne Welzel bc8fd5a4c6 Introduce generic analyzer_confirmation_info and analyzer_violation_info
Introduce two new events for analyzer confirmation and analyzer violation
reporting. The current analyzer_confirmation and analyzer_violation
events assume connection objects and analyzer ids are available, which
is not always the case. We're already passing aid=0 for packet analyzers
and there's not currently a way to report violations from file analyzers
using analyzer_violation, for example.

These new events use an extensible Info record approach so that additional
(optional) information can be added later without changing the signature.
It would allow for per-analyzer extensions to the info records to pass
analyzer-specific info to script land. It's not clear that this would be
a good idea, however.

The previous analyzer_confirmation and analyzer_violation events
continue to exist, but are deprecated and will be removed with Zeek 6.1.
2022-09-27 17:49:51 +02:00
conn Introduce generic analyzer_confirmation_info and analyzer_violation_info 2022-09-27 17:49:51 +02:00
dce-rpc scripts/dce-rpc,ntlm: Do not load base/frameworks/dpd 2022-08-31 16:50:37 +02:00
dhcp Prevent large dhcp log entries 2022-07-28 11:34:18 -07:00
dnp3 Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
dns Remove trailing whitespace from script files 2021-10-20 09:57:09 -07:00
ftp deprecation messages for unused base script functions 2022-05-27 14:36:30 -07:00
http Correct origin documentation of the version field in the HTTP log. 2022-04-04 14:22:58 -07:00
imap Merge remote-tracking branch 'origin/topic/seth/zeek_init' 2019-04-19 11:24:29 -07:00
irc annotate base scripts with &is_used as needed 2022-05-26 17:39:17 -07:00
krb Remove trailing whitespace from script files 2021-10-20 09:57:09 -07:00
modbus Add a field to Modbus/TCP log to indicate the Modbus PDU type 2022-07-24 02:41:26 +00:00
mqtt Disable MQTT by default 2019-08-05 17:04:39 -07:00
mysql Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
ntlm scripts/dce-rpc,ntlm: Do not load base/frameworks/dpd 2022-08-31 16:50:37 +02:00
ntp &is_set => &is_assigned 2021-02-04 12:18:46 -08:00
pop3 Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00
radius deprecation messages for unused base script functions 2022-05-27 14:36:30 -07:00
rdp Introduce generic analyzer_confirmation_info and analyzer_violation_info 2022-09-27 17:49:51 +02:00
rfb Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
sip Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
smb smb2: Raise smb2_file_delete for CREATE with FILE_DELETE_ON_CLOSE 2022-07-16 17:14:13 +02:00
smtp GH-1589: Avoid extracting IP-like strings from SMTP headers 2021-09-03 17:35:10 +00:00
snmp Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
socks Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
ssh Introduce generic analyzer_confirmation_info and analyzer_violation_info 2022-09-27 17:49:51 +02:00
ssl Introduce generic analyzer_confirmation_info and analyzer_violation_info 2022-09-27 17:49:51 +02:00
syslog Remove trailing whitespace from script files 2021-10-20 09:57:09 -07:00
tunnels Add Teredo packet analyzer, disable old analyzer 2021-11-23 19:36:50 -07:00
xmpp Merge remote-tracking branch 'origin/topic/seth/zeek_init' 2019-04-19 11:24:29 -07:00