zeek/scripts/base/frameworks/notice at dbaa9bf33d26be80f820e73a550a25d4be2740a7 - Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00

History

Tim Wojtulewicz 5811e58139 Merge remote-tracking branch 'origin/topic/awelzel/3145-dcerpc-state-clean' * origin/topic/awelzel/3145-dcerpc-state-clean: dce-rpc: Test cases for unbounded state growth dce-rpc: Handle smb2_close_request() in scripts smb/dce-rpc: Cleanup DCE-RPC analyzers when fid is closed and limit them dce-rpc: Do not repeatedly register removal hooks (cherry picked from commit `f9904511ab`)		2023-08-08 12:55:21 -07:00
..
actions	Revert "Merge remote-tracking branch 'origin/topic/vern/at-if-analyze'"	2023-05-31 09:20:33 +02:00
__load__.zeek	GH-379: move catch-and-release and unified2 scripts to policy/	2019-06-05 13:33:45 -07:00
main.zeek	Revert "Merge remote-tracking branch 'origin/topic/vern/at-if-analyze'"	2023-05-31 09:20:33 +02:00
README	More bro-to-zeek renaming in scripts and other files	2019-05-16 02:36:41 -05:00
weird.zeek	Merge remote-tracking branch 'origin/topic/awelzel/3145-dcerpc-state-clean'	2023-08-08 12:55:21 -07:00

README

The notice framework enables Zeek to "notice" things which are odd or
potentially bad, leaving it to the local configuration to define which
of them are actionable.  This decoupling of detection and reporting allows
Zeek to be customized to the different needs that sites have.