mirror of
https://github.com/zeek/zeek.git
synced 2025-10-15 04:58:21 +00:00

* The http.bro script only loads other scripts now.
* http/base.bro configures the analyzer in the core and does minimal state collection.
* http/base-extended.bro adds extra state collection that may not always be desired.
* http/detect-intel.bro is where intelligence based detection that we ship will take place.
* http/detect.bro is where behavioral and scripted (known) actions will be detected.
* http/utils.bro are http specific utility functions.
* http/var-extraction* scripts add cookie and uri key values to the base state collection and logging. They are also maintained in a vector so that order is preserved.

The var-extraction* and base-extended scripts are good examples of how the base script extension model works. This also has an initial try at storing the "Info" state table in the connection record.
3 lines
No EOL
52 B
Text
## Intelligence based HTTP detections.

module HTTP;