mirror of
https://github.com/zeek/zeek.git
synced 2025-10-07 17:18:20 +00:00
7e9d48f532
The broxygen-generated files now live in the git repo, have tests that check that they are up-to-date, and a script to re-generate them on-demand.
49 lines
1.7 KiB
ReStructuredText
49 lines
1.7 KiB
ReStructuredText
:tocdepth: 3
|
|
|
|
policy/protocols/smtp/detect-suspicious-orig.bro
|
|
================================================
|
|
.. bro:namespace:: SMTP
|
|
|
|
|
|
:Namespace: SMTP
|
|
:Imports: :doc:`base/frameworks/notice/main.bro </scripts/base/frameworks/notice/main.bro>`, :doc:`base/protocols/smtp/main.bro </scripts/base/protocols/smtp/main.bro>`
|
|
|
|
Summary
|
|
~~~~~~~
|
|
Runtime Options
|
|
###############
|
|
==================================================================================== ===================================================================
|
|
:bro:id:`SMTP::suspicious_origination_countries`: :bro:type:`set` :bro:attr:`&redef` Places where it's suspicious for mail to originate from represented
|
|
as all-capital, two character country codes (e.g., US).
|
|
:bro:id:`SMTP::suspicious_origination_networks`: :bro:type:`set` :bro:attr:`&redef`
|
|
==================================================================================== ===================================================================
|
|
|
|
Redefinitions
|
|
#############
|
|
========================================== =
|
|
:bro:type:`Notice::Type`: :bro:type:`enum`
|
|
========================================== =
|
|
|
|
|
|
Detailed Interface
|
|
~~~~~~~~~~~~~~~~~~
|
|
Runtime Options
|
|
###############
|
|
.. bro:id:: SMTP::suspicious_origination_countries
|
|
|
|
:Type: :bro:type:`set` [:bro:type:`string`]
|
|
:Attributes: :bro:attr:`&redef`
|
|
:Default: ``{}``
|
|
|
|
Places where it's suspicious for mail to originate from represented
|
|
as all-capital, two character country codes (e.g., US). It requires
|
|
Bro to be built with GeoIP support.
|
|
|
|
.. bro:id:: SMTP::suspicious_origination_networks
|
|
|
|
:Type: :bro:type:`set` [:bro:type:`subnet`]
|
|
:Attributes: :bro:attr:`&redef`
|
|
:Default: ``{}``
|
|
|
|
|
|
|