Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/scripts/policy/files/x509
History
Johanna Amann e58b03a43f Add policy script suppressing certificate events 
The added disable-certificate-events-known-certs.zeek disables repeated
X509 events in SSL connections, given that the connection terminates at
the same server and used the samt SNI as a previously seen connection
with the same certificate.

For people that see significant amounts of TLS 1.2 traffic, this could
reduce the amount of raised events significantly - especially when a
lot of connections are repeat connections to the same servers.

The practical impact of not raising these events is actually very little
- unless a script directly interacts with the x509 events, everything
works as before - the x509 variables in the connection records are still
being set (from the cache).
2021-06-29 11:39:18 +01:00
..
disable-certificate-events-known-certs.zeek Add policy script suppressing certificate events 2021-06-29 11:39:18 +01:00
log-ocsp.zeek Enable OCSP logging by default. 2021-06-29 09:26:29 +01:00