# Prints the field descriptions of every log stream generated by Zeek 3.0+.
#
# * Set the environment variable ZEEK_ALLOW_INIT_ERRORS=1 before running Zeek
#   with this script.
#
# * Requires a version of Bro/Zeek that includes the improvements from:
#   https://github.com/bro/bro/commit/1f450c05102be6dd7ebcc2c5901d5a3a231cd675
#   (not included in the 2.6 release).
@load zeekygen |
#include <caf/all.hpp> | |
#include <unistd.h> | |
#include <sys/time.h> | |
using namespace std; | |
using namespace caf; | |
double now() | |
{ | |
struct timeval tv; |
#include <caf/all.hpp> | |
#include <unistd.h> | |
using namespace std; | |
using namespace caf; | |
struct foo { | |
actor a; |
@load base/frameworks/notice | |
@load base/protocols/ssh | |
module SSH; | |
export { | |
const watched_servers: set[addr] = { | |
192.168.1.100, | |
192.168.1.101, | |
192.168.1.102, |
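# Listener side of a two-node example: wait for a single peer ("foo") coming
# from loopback and request its my_event_request events.
@load frameworks/communication/listen
redef Communication::listen_port = 1337/tcp;
# NOTE(review): the legacy communication framework binds the listening socket
# to Communication::listen_interface, which defaults to 0.0.0.0 (all
# interfaces), and Communication::listen_ssl defaults to F, so the port is
# plaintext and unauthenticated. The only configured peer is 127.0.0.1, so
# restrict the socket to loopback rather than exposing it network-wide —
# confirm against the framework version in use.
redef Communication::listen_interface = 127.0.0.1;
redef Communication::nodes += {
	# $connect = F: this node does not dial out; it waits for "foo" to connect.
	# $events: pattern of events requested from the remote side (presumably
	# the events "foo" raises that we want delivered here).
	["foo"] = [$host = 127.0.0.1, $events = /my_event_request/, $connect = F]
};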
event remote_connection_handshake_done(p: event_peer) | |
{ |
# Client side of a two-node example: actively connect ($connect=T) to the
# listener "foo" at 127.0.0.1:1337/tcp and request its my_event_response events
# ($events is presumably the pattern of events requested from the peer —
# confirm against the framework docs).
# NOTE(review): no $ssl is set on the node, so the link is plaintext; acceptable
# only because the peer is on loopback.
redef Communication::nodes += {
	["foo"] = [$host = 127.0.0.1, $p=1337/tcp, $events = /my_event_response/, $connect=T]
};
# Local handler for my_event_request: prints the details string each time the
# event fires. The message says "sent" because this handler presumably runs on
# the node that raises the event (the remote listener requests it separately).
event my_event_request(details: string)
{
print "sent my_event_request", details;
}
event my_event_response(details: count) |
module SecurityOnion; | |
@load base/frameworks/input | |
export { | |
## Event to capture when the hostname is discovered. | |
global SecurityOnion::found_hostname: event(hostname: string); | |
## Hostname for this box. | |
global hostname = ""; |