zeek/scripts/policy/protocols/smb
Jon Siwek 35827eeb31 Add rate-limiting sampling mechanism for weird events
The generation of weird events, by default, is now rate-limited
according to these tunable options:

  - Weird::sampling_whitelist
  - Weird::sampling_threshold
  - Weird::sampling_rate
  - Weird::sampling_duration

The new get_reporter_stats() BIF also allows one to query the
total number of weirds generated (pre-sampling) which the new
policy/misc/weird-stats.bro script uses periodically to populate
a weird_stats.log.

There are also new reporter BIFs to allow generating weirds from the
script-layer such that they go through the same, internal
rate-limiting/sampling mechanisms:

  - Reporter::conn_weird
  - Reporter::flow_weird
  - Reporter::net_weird

Some of the code was adapted from previous work by Johanna Amann.
2018-07-26 19:57:36 -05:00
__load__.bro SMB test clean up and docs 2016-06-28 10:30:41 -04:00
dpd.sig Move the SMB analyzer out of the default load. 2016-06-14 15:34:00 -04:00
files.bro Fixing SMB tests again. 2016-06-28 11:03:16 -04:00
main.bro Add smb2_file_sattr 2018-04-04 14:40:43 -04:00
README Added missing README files for documentation 2016-10-10 22:55:50 -05:00
smb1-main.bro Add rate-limiting sampling mechanism for weird events 2018-07-26 19:57:36 -05:00
smb2-main.bro Merge branch 'smb2-updates' of https://github.com/dtrejod/bro 2018-05-31 21:13:20 -07:00

Support for SMB protocol analysis.