zeek/scripts/policy/frameworks/intel/seen
Johanna Amann 8ce746cc25 Merge remote-tracking branch 'origin/topic/vladg/bit-1641'
* origin/topic/vladg/bit-1641:
  Logic fix for ssh/main.bro when the auth status is indeterminate, and fix a test. Addresses BIT-1641.
  Clean up the logic for ssh_auth_failed. Addresses BIT-1641
  Update baselines for adding a field to ssh.log as part of BIT-1641
  Script-land changes for BIT-1641.
  Change SSH.cc to use ssh_auth_attempted instead of ssh_auth_failed. Addresses BIT-1641.
  Revert "Fixing duplicate SSH authentication failure events."
  Create new SSH events ssh_auth_attempt and ssh_auth_result. Add auth_attempts to SSH::Info. Address BIT-1641.

I extended the tests a bit and did some small cleanups. I also moved the
SSH events back to the global namespace for backwards compatibility and
for consistency (the way it was at the moment, some of them were global,
some SSH::).

Furthermore, I fixed the ssh_auth_result event; it was only
raised in the success case. ssh_auth_result is now also checked in the
testcases. I also have a suspicion that the intel integration never
really worked before.

BIT-1641 #merged
2016-10-18 21:57:27 -04:00
__load__.bro X509 file analyzer nearly done. Verification and most other policy scripts 2014-03-03 17:07:50 -08:00
conn-established.bro Some script reorg and a new intel extension script. 2013-07-29 16:40:16 -04:00
dns.bro Some script reorg and a new intel extension script. 2013-07-29 16:40:16 -04:00
file-hashes.bro Add file name support to intel framework. 2013-08-13 13:21:31 -04:00
file-names.bro Add file name support to intel framework. 2013-08-13 13:21:31 -04:00
http-headers.bro Normalize http host in seen script. 2016-09-22 16:52:59 -07:00
http-url.bro Some script reorg and a new intel extension script. 2013-07-29 16:40:16 -04:00
pubkey-hashes.bro Merge remote-tracking branch 'origin/topic/vladg/bit-1641' 2016-10-18 21:57:27 -04:00
README Add more script package README files 2013-10-23 16:36:14 -05:00
smtp-url-extraction.bro Merge remote-tracking branch 'origin/topic/seth/faf-updates' 2013-07-29 14:21:52 -07:00
smtp.bro Switch the MIME fields in smtp.log back to showing what's actually given. 2016-06-16 16:40:52 -04:00
ssl.bro Intel: Allow to provide uid/fuid instead of conn/f. 2016-04-25 16:54:47 -07:00
where-locations.bro Change the meaning of some email fields. 2016-06-15 10:32:06 -04:00
x509.bro Make x509 intel seen script robust against file analyzer ordering. 2016-08-11 16:12:08 -07:00

Scripts that send data to the intelligence framework.
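As an added illustration of what a script in this package looks like (example code written for this page, not a script shipped in this directory), the following feeds DNS query names and responder addresses into the intelligence framework through Intel::seen. The module name ExampleSeen, the Where value ExampleSeen::IN_DNS_QUERY and the helper canonical_name are assumptions made for the example; Intel::DOMAIN, Conn::IN_RESP, the $host shorthand and the dns_request / connection_established event signatures are the framework's own.

```zeek
##! Example "seen" script (added for illustration, not part of the
##! distribution): submit DNS query names and responder addresses to the
##! intelligence framework so they are matched against loaded indicators.

@load base/frameworks/intel
@load frameworks/intel/seen/where-locations

module ExampleSeen;

export {
	redef enum Intel::Where += {
		## Hypothetical location name assumed for this example; the shipped
		## scripts use DNS::IN_REQUEST from where-locations.bro instead.
		ExampleSeen::IN_DNS_QUERY,
	};
}

## Canonicalise a DNS name before it is compared against indicators:
## lower-case it and drop a trailing dot, because indicator files normally
## carry names without either variation. Assumed helper, not framework API.
function canonical_name(name: string): string
	{
	return sub(to_lower(name), /\.$/, "");
	}

event dns_request(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count)
	{
	# Empty queries carry nothing worth matching.
	if ( query == "" )
		return;

	Intel::seen([$indicator=canonical_name(query),
	             $indicator_type=Intel::DOMAIN,
	             $conn=c,
	             $where=ExampleSeen::IN_DNS_QUERY]);
	}

## Addresses taken from the connection itself can be handed over with
## $host instead of $indicator/$indicator_type; the framework treats them
## as Intel::ADDR indicators.
event connection_established(c: connection)
	{
	Intel::seen([$host=c$id$resp_h,
	             $conn=c,
	             $where=Conn::IN_RESP]);
	}
```

Passing $conn=c lets the framework attach the connection to any resulting Intel::match and intel.log entry; where no connection object is at hand, the $uid (or $fuid for file indicators) fields of Intel::Seen can be supplied instead, as the ssl.bro change in this directory's history notes.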