zeek/scripts/base/protocols/smb
Arne Welzel 3dae8ab086 smb2: Raise smb2_file_delete for CREATE with FILE_DELETE_ON_CLOSE
When a CREATE request contains the FILE_DELETE_ON_CLOSE option and
the subsequent CREATE response indicates success, we now raise the
smb2_file_delete event to log a delete action in smb_files.log and
also give users a way to handle this scenario.

The provided pcap was generated locally by recording a smbtorture run
of the smb2.delete-on-close-perms test case.

Placed the create_options into the CmdInfo record for potential
exposure in smb_cmd.log (wasn't sure how that would look so left it
for the future).

Fixes #2276.
2022-07-16 17:14:13 +02:00
__load__.zeek Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00
const-dos-error.zeek Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00
const-nt-status.zeek Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00
consts.zeek fix for ill-formed (complex) &default function 2022-03-31 19:31:21 -07:00
dpd.sig Enable SMB by default by moving scripts from policy/ to base/ 2018-08-16 17:23:28 -05:00
files.zeek Remove trailing whitespace from script files 2021-10-20 09:57:09 -07:00
main.zeek Remove trailing whitespace from script files 2021-10-20 09:57:09 -07:00
README Enable SMB by default by moving scripts from policy/ to base/ 2018-08-16 17:23:28 -05:00
smb1-main.zeek deprecation messages for unused base script functions 2022-05-27 14:36:30 -07:00
smb2-main.zeek smb2: Raise smb2_file_delete for CREATE with FILE_DELETE_ON_CLOSE 2022-07-16 17:14:13 +02:00

Support for SMB protocol analysis.