mirror of
https://github.com/zeek/zeek.git
synced 2025-10-09 10:08:20 +00:00
dcbd0819a6
- Some scripts used wrong SSH module/namespace scoping on events. - Fix outdated notice documentation related to SSH password guessing. - Add a unit test for SSH pasword guessing notice.
10 lines
884 B
Text
10 lines
884 B
Text
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path notice
|
|
#open 2015-03-30-15-43-30
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
|
|
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
|
|
1427726711.398575 - - - - - - - - - SSH::Password_Guessing 192.168.56.1 appears to be guessing SSH passwords (seen in 10 connections). Sampled servers: 192.168.56.103, 192.168.56.103, 192.168.56.103, 192.168.56.103, 192.168.56.103 192.168.56.1 - - - bro Notice::ACTION_LOG 3600.000000 F - - - - -
|
|
#close 2015-03-30-15-43-30
|