zeek/scripts/policy/protocols
Jon Siwek 35827eeb31 Add rate-limiting sampling mechanism for weird events
The generation of weird events, by default, is now rate-limited
according to these tunable options:

  - Weird::sampling_whitelist
  - Weird::sampling_threshold
  - Weird::sampling_rate
  - Weird::sampling_duration

The new get_reporter_stats() BIF also allows one to query the
total number of weirds generated (pre-sampling) which the new
policy/misc/weird-stats.bro script uses periodically to populate
a weird_stats.log.

There are also new reporter BIFs to allow generating weirds from the
script-layer such that they go through the same, internal
rate-limiting/sampling mechanisms:

  - Reporter::conn_weird
  - Reporter::flow_weird
  - Reporter::net_weird

Some of the code was adapted from previous work by Johanna Amann.
2018-07-26 19:57:36 -05:00
conn Merge topic/actor-system through a squashed commit. 2018-05-18 22:39:23 +00:00
dhcp Merge remote-tracking branch 'origin/topic/seth/dhcp-update' 2018-05-01 18:06:41 -05:00
dns Rewrite DNS state tracking which matches queries and replies. 2014-01-30 17:21:01 -06:00
ftp Fix typos and formatting in the policy/protocols docs 2013-10-21 02:34:28 -05:00
http Merge topic/actor-system through a squashed commit. 2018-05-18 22:39:23 +00:00
krb Refactor base krb scripts and update tests. 2017-02-18 13:55:39 -05:00
modbus Allow logging filters to inherit default path from stream. 2015-03-19 14:49:55 -05:00
mysql Merge remote-tracking branch 'origin/topic/vladg/mysql' 2014-11-11 11:49:26 -08:00
rdp New script to add a field to rdp.log when the connection is upgraded to SSL. 2015-03-04 14:50:41 -05:00
smb Add rate-limiting sampling mechanism for weird events 2018-07-26 19:57:36 -05:00
smtp SMTP does not need to pull in the notice framework. 2016-06-23 13:22:16 -07:00
ssh Ensure that the notice uid field is filled in. 2016-09-19 22:11:31 -04:00
ssl Fix SCT validation when invalid certificates are in chain. 2018-05-31 14:58:46 -07:00