rbroccoli 1.1.0

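--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -0,0 +1,21 @@
+ Copyright (c) 2006 Seth Hall
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+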
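--- a/data/README
+++ b/data/README
@@ -0,0 +1,40 @@
+ About
+ ---
+ This is the rBroccoli extension for ruby which provides access to the
+ Broccoli API. Broccoli is a library for communicating with the Bro Intrusion
+ Detection System. Broccoli is distributed with ruby now, so I'm going to be
+ releasing versions of rBroccoli that target bro version.
+
+ Bro: http://www.bro-ids.org
+ Broccoli: http://www.cl.cam.ac.uk/~cpk25/broccoli/
+
+ Install
+ ---
+ To install the extension
+ 1. Make sure that the broccoli-config binary is in your path.
+ 2. Run, "sudo ruby setup.rb"
+
+ To install the extension as a gem
+ 1. Make sure that the broccoli-config binary is in your path.
+ 2. Run, "sudo gem install rbroccoli"
+ (you don't need to download anything ahead of time)
+
+ Usage
+ ---
+ There aren't really any useful docs yet. Your best bet currently is
+ to to read through the examples.
+
+ One thing I should mention however is that I haven't done any optimization
+ yet. You may find that if you write code that is going to be sending or
+ receiving extremely large numbers of events, that it won't run fast enough and
+ will begin to fall behind the bro server. The dns_requests.rb example is
+ a good performance test if your bro server is sitting on a network with many
+ dns lookups.
+
+
+ Contact
+ ---
+ If you have a question/comment/patch, email me at:
+ seth@remor.com
+ or
+ seth@net.ohio-state.edu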
@@ -0,0 +1,1010 @@
1
+ # This file was autogenerated on Tue Aug 22 15:06:06 EDT 2006
2
+ # Please do not edit!
3
+ ---
4
+ OS_version_found:
5
+ - :connection
6
+ - :addr
7
+ - :OS_version
8
+ ack_above_hole:
9
+ - :connection
10
+ dns_mapping_valid:
11
+ - :dns_mapping
12
+ smtp_signature_found:
13
+ - :connection
14
+ nfs_attempt_fsstat:
15
+ - :connection
16
+ - :count
17
+ - :string
18
+ irc_dcc_message:
19
+ - :connection
20
+ - :string
21
+ - :string
22
+ - :string
23
+ - :string
24
+ - :addr
25
+ - :count
26
+ - :count
27
+ irc_whois_operator_line:
28
+ - :connection
29
+ - :string
30
+ irc_privmsg_message:
31
+ - :connection
32
+ - :string
33
+ - :string
34
+ - :string
35
+ dns_request:
36
+ - :connection
37
+ - :dns_msg
38
+ - :string
39
+ - :count
40
+ - :count
41
+ bad_option_termination:
42
+ - :connection
43
+ dns_mapping_altered:
44
+ - :dns_mapping
45
+ - :addr_set
46
+ - :addr_set
47
+ login_confused_text:
48
+ - :connection
49
+ - :string
50
+ irc_message:
51
+ - :connection
52
+ - :string
53
+ - :string
54
+ - :string
55
+ gnutella_signature_found:
56
+ - :connection
57
+ ncp_request:
58
+ - :connection
59
+ - :count
60
+ - :count
61
+ - :count
62
+ pop3_login_failure:
63
+ - :connection
64
+ - :bool
65
+ - :string
66
+ - :string
67
+ login_input_line:
68
+ - :connection
69
+ - :string
70
+ remote_connection_error:
71
+ - :event_peer
72
+ - :string
73
+ epm_map_response:
74
+ - :connection
75
+ - :string
76
+ - :port
77
+ - :addr
78
+ conn_weird_addl:
79
+ - :string
80
+ - :connection
81
+ - :string
82
+ udp_session_done:
83
+ - :connection
84
+ login_failure:
85
+ - :connection
86
+ - :string
87
+ - :string
88
+ - :string
89
+ - :string
90
+ http_request:
91
+ - :connection
92
+ - :string
93
+ - :string
94
+ - :string
95
+ - :string
96
+ irc_nick_message:
97
+ - :connection
98
+ - :string
99
+ - :string
100
+ ntp_message:
101
+ - :connection
102
+ - :ntp_msg
103
+ - :string
104
+ pop3_terminate:
105
+ - :connection
106
+ - :bool
107
+ - :string
108
+ pm_attempt_callit:
109
+ - :connection
110
+ - :count
111
+ - :pm_callit_request
112
+ irc_request:
113
+ - :connection
114
+ - :string
115
+ - :string
116
+ - :string
117
+ connection_reset:
118
+ - :connection
119
+ bro_done: []
120
+
121
+ kazaa_signature_found:
122
+ - :connection
123
+ pm_request_getport:
124
+ - :connection
125
+ - :pm_port_request
126
+ - :port
127
+ http_end_entity:
128
+ - :connection
129
+ - :bool
130
+ connection_rejected:
131
+ - :connection
132
+ netbios_session_message:
133
+ - :connection
134
+ - :bool
135
+ - :count
136
+ - :count
137
+ smb_com_transaction2:
138
+ - :connection
139
+ - :bool
140
+ - :count
141
+ - :string
142
+ - :string
143
+ connection_partial_close:
144
+ - :connection
145
+ irc_whois_channel_line:
146
+ - :connection
147
+ - :string
148
+ - :string_set
149
+ pop3_request:
150
+ - :connection
151
+ - :bool
152
+ - :string
153
+ - :string
154
+ icmp_echo_request:
155
+ - :connection
156
+ - :icmp_conn
157
+ - :count
158
+ - :count
159
+ - :string
160
+ pop3_unexpected:
161
+ - :connection
162
+ - :bool
163
+ - :string
164
+ - :string
165
+ new_connection_contents:
166
+ - :connection
167
+ authentication_accepted:
168
+ - :string
169
+ - :connection
170
+ netbios_session_request:
171
+ - :connection
172
+ - :string
173
+ bro_init: []
174
+
175
+ conn_weird:
176
+ - :string
177
+ - :connection
178
+ irc_oper_response:
179
+ - :connection
180
+ - :bool
181
+ ssl_conn_weak:
182
+ - :string
183
+ - :connection
184
+ ssl_conn_established:
185
+ - :connection
186
+ - :count
187
+ - :count
188
+ bad_option:
189
+ - :connection
190
+ pm_request_null:
191
+ - :connection
192
+ content_gap:
193
+ - :connection
194
+ - :bool
195
+ - :count
196
+ - :count
197
+ profiling_update:
198
+ - :file
199
+ - :bool
200
+ irc_names_info:
201
+ - :connection
202
+ - :string
203
+ - :string
204
+ - :string_set
205
+ irc_who_line:
206
+ - :connection
207
+ - :string
208
+ - :string
209
+ - :string
210
+ - :string
211
+ - :string
212
+ - :string
213
+ - :string
214
+ - :count
215
+ - :string
216
+ connection_SYN_packet:
217
+ - :connection
218
+ - :SYN_packet
219
+ dns_TXT_reply:
220
+ - :connection
221
+ - :dns_msg
222
+ - :dns_answer
223
+ new_packet:
224
+ - :connection
225
+ - :pkt_hdr
226
+ remote_log:
227
+ - :count
228
+ - :count
229
+ - :string
230
+ pm_request_set:
231
+ - :connection
232
+ - :pm_mapping
233
+ - :bool
234
+ tcp_option:
235
+ - :connection
236
+ - :bool
237
+ - :count
238
+ - :count
239
+ arp_reply:
240
+ - :string
241
+ - :string
242
+ - :addr
243
+ - :string
244
+ - :addr
245
+ - :string
246
+ netbios_session_accepted:
247
+ - :connection
248
+ - :string
249
+ login_output_line:
250
+ - :connection
251
+ - :string
252
+ software_unparsed_version_found:
253
+ - :connection
254
+ - :addr
255
+ - :string
256
+ software_version_found:
257
+ - :connection
258
+ - :addr
259
+ - :software
260
+ - :string
261
+ irc_invalid_nick:
262
+ - :connection
263
+ telnet_signature_found:
264
+ - :connection
265
+ - :bool
266
+ - :count
267
+ dns_PTR_reply:
268
+ - :connection
269
+ - :dns_msg
270
+ - :dns_answer
271
+ - :string
272
+ http_event:
273
+ - :connection
274
+ - :string
275
+ - :string
276
+ http_begin_entity:
277
+ - :connection
278
+ - :bool
279
+ gnutella_establish:
280
+ - :connection
281
+ pm_bad_port:
282
+ - :connection
283
+ - :count
284
+ connection_finished:
285
+ - :connection
286
+ gnutella_binary_msg:
287
+ - :connection
288
+ - :bool
289
+ - :count
290
+ - :count
291
+ - :count
292
+ - :count
293
+ - :string
294
+ - :count
295
+ - :bool
296
+ - :bool
297
+ connection_first_ACK:
298
+ - :connection
299
+ irc_squery_message:
300
+ - :connection
301
+ - :string
302
+ - :string
303
+ - :string
304
+ ftp_reply:
305
+ - :connection
306
+ - :count
307
+ - :string
308
+ - :bool
309
+ http_content_type:
310
+ - :connection
311
+ - :bool
312
+ - :string
313
+ - :string
314
+ pm_attempt_getport:
315
+ - :connection
316
+ - :count
317
+ - :pm_port_request
318
+ pm_attempt_set:
319
+ - :connection
320
+ - :count
321
+ - :pm_mapping
322
+ interconn_remove_conn:
323
+ - :connection
324
+ partial_connection:
325
+ - :connection
326
+ connection_half_finished:
327
+ - :connection
328
+ icmp_time_exceeded:
329
+ - :connection
330
+ - :icmp_conn
331
+ - :count
332
+ - :icmp_context
333
+ stp_resume_endp:
334
+ - :int
335
+ gnutella_not_establish:
336
+ - :connection
337
+ udp_reply:
338
+ - :connection
339
+ remote_pong:
340
+ - :event_peer
341
+ - :count
342
+ - :interval
343
+ - :interval
344
+ - :interval
345
+ irc_network_info:
346
+ - :connection
347
+ - :count
348
+ - :count
349
+ - :count
350
+ ssh_client_version:
351
+ - :connection
352
+ - :string
353
+ stp_remove_endp:
354
+ - :int
355
+ ssl_certificate_seen:
356
+ - :connection
357
+ - :bool
358
+ ssh_signature_found:
359
+ - :connection
360
+ - :bool
361
+ excessive_line:
362
+ - :connection
363
+ smb_com_write_andx:
364
+ - :connection
365
+ - :string
366
+ smtp_data:
367
+ - :connection
368
+ - :bool
369
+ - :string
370
+ dns_mapping_lost_name:
371
+ - :dns_mapping
372
+ pm_request_unset:
373
+ - :connection
374
+ - :pm_mapping
375
+ - :bool
376
+ ssl_X509_error:
377
+ - :connection
378
+ - :int
379
+ - :string
380
+ nfs_request_getattr:
381
+ - :connection
382
+ - :string
383
+ - :nfs3_attrs
384
+ rsh_request:
385
+ - :connection
386
+ - :string
387
+ - :string
388
+ - :string
389
+ - :bool
390
+ stp_correlate_pair:
391
+ - :int
392
+ - :int
393
+ ssl_conn_reused:
394
+ - :connection
395
+ - :SSL_sessionID
396
+ ident_request:
397
+ - :connection
398
+ - :port
399
+ - :port
400
+ ssl_certificate:
401
+ - :connection
402
+ - :X509
403
+ - :bool
404
+ rpc_call:
405
+ - :connection
406
+ - :count
407
+ - :count
408
+ - :count
409
+ - :count
410
+ - :time
411
+ - :count
412
+ - :count
413
+ nfs_request_fsstat:
414
+ - :connection
415
+ - :string
416
+ - :nfs3_fsstat
417
+ login_display:
418
+ - :connection
419
+ - :string
420
+ dns_A_reply:
421
+ - :connection
422
+ - :dns_msg
423
+ - :dns_answer
424
+ - :addr
425
+ ssl_session_insertion:
426
+ - :connection
427
+ - :SSL_sessionID
428
+ remote_connection_handshake_done:
429
+ - :event_peer
430
+ anonymization_mapping:
431
+ - :addr
432
+ - :addr
433
+ irc_oper_message:
434
+ - :connection
435
+ - :string
436
+ - :string
437
+ irc_whois_user_line:
438
+ - :connection
439
+ - :string
440
+ - :string
441
+ - :string
442
+ - :string
443
+ irc_whois_message:
444
+ - :connection
445
+ - :string
446
+ - :string
447
+ rlogin_signature_found:
448
+ - :connection
449
+ - :bool
450
+ - :count
451
+ - :count
452
+ dns_mapping_new_name:
453
+ - :dns_mapping
454
+ arp_request:
455
+ - :string
456
+ - :string
457
+ - :addr
458
+ - :string
459
+ - :addr
460
+ - :string
461
+ mime_one_header:
462
+ - :connection
463
+ - :mime_header_rec
464
+ udp_request:
465
+ - :connection
466
+ http_message_done:
467
+ - :connection
468
+ - :bool
469
+ - :http_message_stat
470
+ irc_reply:
471
+ - :connection
472
+ - :string
473
+ - :count
474
+ - :string
475
+ gaobot_signature_found:
476
+ - :connection
477
+ mime_all_data:
478
+ - :connection
479
+ - :count
480
+ - :string
481
+ mime_event:
482
+ - :connection
483
+ - :string
484
+ - :string
485
+ conn_stats:
486
+ - :connection
487
+ - :endpoint_stats
488
+ - :endpoint_stats
489
+ dce_rpc_response:
490
+ - :connection
491
+ - :count
492
+ - :string
493
+ bad_arp:
494
+ - :addr
495
+ - :string
496
+ - :addr
497
+ - :string
498
+ - :string
499
+ mime_all_headers:
500
+ - :connection
501
+ - :mime_header_list
502
+ finished_send_state:
503
+ - :event_peer
504
+ pm_attempt_null:
505
+ - :connection
506
+ - :count
507
+ mime_next_entity:
508
+ - :connection
509
+ backdoor_stats:
510
+ - :connection
511
+ - :backdoor_endp_stats
512
+ - :backdoor_endp_stats
513
+ login_prompt:
514
+ - :connection
515
+ - :string
516
+ software_parse_error:
517
+ - :connection
518
+ - :addr
519
+ - :string
520
+ nfs_request_lookup:
521
+ - :connection
522
+ - :nfs3_lookup_args
523
+ - :nfs3_lookup_reply
524
+ http_proxy_signature_found:
525
+ - :connection
526
+ connection_pending:
527
+ - :connection
528
+ irc_enter_message:
529
+ - :connection
530
+ - :string
531
+ - :string
532
+ smb_com_nt_create_andx:
533
+ - :connection
534
+ - :string
535
+ smb_com_tree_connect_andx:
536
+ - :connection
537
+ - :string
538
+ - :string
539
+ nfs_attempt_getattr:
540
+ - :connection
541
+ - :count
542
+ - :string
543
+ irc_error_message:
544
+ - :connection
545
+ - :string
546
+ - :string
547
+ dce_rpc_bind:
548
+ - :connection
549
+ - :string
550
+ connection_EOF:
551
+ - :connection
552
+ - :bool
553
+ interconn_stats:
554
+ - :connection
555
+ - :interconn_endp_stats
556
+ - :interconn_endp_stats
557
+ irc_squit_message:
558
+ - :connection
559
+ - :string
560
+ - :string
561
+ - :string
562
+ dns_EDNS:
563
+ - :connection
564
+ - :dns_msg
565
+ - :dns_answer
566
+ dns_SOA_reply:
567
+ - :connection
568
+ - :dns_msg
569
+ - :dns_answer
570
+ - :dns_soa
571
+ finger_request:
572
+ - :connection
573
+ - :bool
574
+ - :string
575
+ - :string
576
+ nfs_reply_status:
577
+ - :connection
578
+ - :count
579
+ connection_status_update:
580
+ - :connection
581
+ icmp_sent:
582
+ - :connection
583
+ - :icmp_conn
584
+ pop3_reply:
585
+ - :connection
586
+ - :bool
587
+ - :string
588
+ - :string
589
+ irc_notice_message:
590
+ - :connection
591
+ - :string
592
+ - :string
593
+ - :string
594
+ nfs_attempt_lookup:
595
+ - :connection
596
+ - :count
597
+ - :nfs3_lookup_args
598
+ root_backdoor_signature_found:
599
+ - :connection
600
+ process_X509_extensions:
601
+ - :connection
602
+ - :X509_extension
603
+ inconsistent_option:
604
+ - :connection
605
+ finger_reply:
606
+ - :connection
607
+ - :string
608
+ irc_signature_found:
609
+ - :connection
610
+ tcp_packet:
611
+ - :connection
612
+ - :bool
613
+ - :string
614
+ - :count
615
+ - :count
616
+ - :count
617
+ - :string
618
+ mime_end_entity:
619
+ - :connection
620
+ ssl_conn_server_reply:
621
+ - :connection
622
+ - :count
623
+ - :cipher_suites_list
624
+ irc_server_info:
625
+ - :connection
626
+ - :count
627
+ - :count
628
+ - :count
629
+ smb_get_dfs_referral:
630
+ - :connection
631
+ - :count
632
+ - :string
633
+ tcp_rexmit:
634
+ - :connection
635
+ - :bool
636
+ - :count
637
+ - :count
638
+ - :count
639
+ - :count
640
+ rotate_size:
641
+ - :file
642
+ rotate_interval:
643
+ - :file
644
+ print_hook:
645
+ - :file
646
+ - :string
647
+ dns_NS_reply:
648
+ - :connection
649
+ - :dns_msg
650
+ - :dns_answer
651
+ - :string
652
+ http_all_headers:
653
+ - :connection
654
+ - :bool
655
+ - :mime_header_list
656
+ ftp_request:
657
+ - :connection
658
+ - :string
659
+ - :string
660
+ new_connection:
661
+ - :connection
662
+ remote_connection_closed:
663
+ - :event_peer
664
+ irc_kick_message:
665
+ - :connection
666
+ - :string
667
+ - :string
668
+ - :string
669
+ - :string
670
+ irc_join_message:
671
+ - :connection
672
+ - :irc_join_list
673
+ rexmit_inconsistency:
674
+ - :connection
675
+ - :string
676
+ - :string
677
+ pop3_data:
678
+ - :connection
679
+ - :bool
680
+ - :string
681
+ smb_com_read_andx:
682
+ - :connection
683
+ - :string
684
+ http_stats:
685
+ - :connection
686
+ - :http_stats_rec
687
+ nfs_attempt_null:
688
+ - :connection
689
+ - :count
690
+ dns_rejected:
691
+ - :connection
692
+ - :dns_msg
693
+ - :string
694
+ - :count
695
+ - :count
696
+ icmp_unreachable:
697
+ - :connection
698
+ - :icmp_conn
699
+ - :count
700
+ - :icmp_context
701
+ irc_channel_info:
702
+ - :connection
703
+ - :count
704
+ irc_part_message:
705
+ - :connection
706
+ - :string
707
+ - :string_set
708
+ - :string
709
+ dns_CNAME_reply:
710
+ - :connection
711
+ - :dns_msg
712
+ - :dns_answer
713
+ - :string
714
+ pm_request_dump:
715
+ - :connection
716
+ - :pm_mappings
717
+ napster_signature_found:
718
+ - :connection
719
+ pop3_login_success:
720
+ - :connection
721
+ - :bool
722
+ - :string
723
+ - :string
724
+ net_stats_update:
725
+ - :time
726
+ - :net_stats
727
+ smtp_request:
728
+ - :connection
729
+ - :bool
730
+ - :string
731
+ - :string
732
+ connection_established:
733
+ - :connection
734
+ dns_EDNS_addl:
735
+ - :connection
736
+ - :dns_msg
737
+ - :dns_edns_additional
738
+ ftp_signature_found:
739
+ - :connection
740
+ login_confused:
741
+ - :connection
742
+ - :string
743
+ - :string
744
+ rsh_reply:
745
+ - :connection
746
+ - :string
747
+ - :string
748
+ - :string
749
+ ssl_conn_alert:
750
+ - :connection
751
+ - :count
752
+ - :count
753
+ - :count
754
+ irc_mode_message:
755
+ - :connection
756
+ - :string
757
+ - :string
758
+ net_weird:
759
+ - :string
760
+ netbios_session_raw_message:
761
+ - :connection
762
+ - :bool
763
+ - :string
764
+ stp_create_endp:
765
+ - :connection
766
+ - :int
767
+ - :bool
768
+ dns_full_request: []
769
+
770
+ remote_event_registered:
771
+ - :event_peer
772
+ - :string
773
+ signature_match:
774
+ - :signature_state
775
+ - :string
776
+ - :string
777
+ irc_invite_message:
778
+ - :connection
779
+ - :string
780
+ - :string
781
+ - :string
782
+ irc_who_message:
783
+ - :connection
784
+ - :string
785
+ - :bool
786
+ http_signature_found:
787
+ - :connection
788
+ udp_contents:
789
+ - :connection
790
+ - :bool
791
+ - :string
792
+ dns_mapping_name_changed:
793
+ - :dns_mapping
794
+ - :dns_mapping
795
+ dns_MX_reply:
796
+ - :connection
797
+ - :dns_msg
798
+ - :dns_answer
799
+ - :string
800
+ - :count
801
+ remote_capture_filter:
802
+ - :event_peer
803
+ - :string
804
+ ident_reply:
805
+ - :connection
806
+ - :port
807
+ - :port
808
+ - :string
809
+ - :string
810
+ non_dns_request:
811
+ - :connection
812
+ - :string
813
+ ncp_reply:
814
+ - :connection
815
+ - :count
816
+ - :count
817
+ - :count
818
+ - :count
819
+ - :count
820
+ load_sample:
821
+ - :load_sample_info
822
+ - :interval
823
+ - :int
824
+ dns_mapping_unverified:
825
+ - :dns_mapping
826
+ netbios_session_keepalive:
827
+ - :connection
828
+ - :string
829
+ authentication_rejected:
830
+ - :string
831
+ - :connection
832
+ mime_begin_entity:
833
+ - :connection
834
+ ssh_server_version:
835
+ - :connection
836
+ - :string
837
+ irc_quit_message:
838
+ - :connection
839
+ - :string
840
+ - :string
841
+ connection_timeout:
842
+ - :connection
843
+ smtp_reply:
844
+ - :connection
845
+ - :bool
846
+ - :count
847
+ - :string
848
+ - :string
849
+ - :bool
850
+ dce_rpc_message:
851
+ - :connection
852
+ - :bool
853
+ - :dce_rpc_ptype
854
+ - :string
855
+ http_reply:
856
+ - :connection
857
+ - :string
858
+ - :count
859
+ - :string
860
+ flow_weird:
861
+ - :string
862
+ - :addr
863
+ - :addr
864
+ packet_contents:
865
+ - :connection
866
+ - :string
867
+ pm_attempt_unset:
868
+ - :connection
869
+ - :count
870
+ - :pm_mapping
871
+ smtp_unexpected:
872
+ - :connection
873
+ - :bool
874
+ - :string
875
+ - :string
876
+ gnutella_http_notify:
877
+ - :connection
878
+ dns_TSIG_addl:
879
+ - :connection
880
+ - :dns_msg
881
+ - :dns_tsig_additional
882
+ backdoor_remove_conn:
883
+ - :connection
884
+ mime_entity_data:
885
+ - :connection
886
+ - :count
887
+ - :string
888
+ dce_rpc_request:
889
+ - :connection
890
+ - :count
891
+ - :string
892
+ tcp_contents:
893
+ - :connection
894
+ - :bool
895
+ - :count
896
+ - :string
897
+ netbios_session_rejected:
898
+ - :connection
899
+ - :string
900
+ dns_SRV_reply:
901
+ - :connection
902
+ - :dns_msg
903
+ - :dns_answer
904
+ nfs_request_null:
905
+ - :connection
906
+ connection_state_remove:
907
+ - :connection
908
+ http_entity_data:
909
+ - :connection
910
+ - :bool
911
+ - :count
912
+ - :string
913
+ icmp_echo_reply:
914
+ - :connection
915
+ - :icmp_conn
916
+ - :count
917
+ - :count
918
+ - :string
919
+ gnutella_partial_binary_msg:
920
+ - :connection
921
+ - :bool
922
+ - :string
923
+ - :count
924
+ activating_encryption:
925
+ - :connection
926
+ login_success:
927
+ - :connection
928
+ - :string
929
+ - :string
930
+ - :string
931
+ - :string
932
+ connection_reused:
933
+ - :connection
934
+ smb_message:
935
+ - :connection
936
+ - :bool
937
+ - :string
938
+ - :count
939
+ authentication_skipped:
940
+ - :connection
941
+ mime_segment_data:
942
+ - :connection
943
+ - :count
944
+ - :string
945
+ remote_connection_established:
946
+ - :event_peer
947
+ ident_error:
948
+ - :connection
949
+ - :port
950
+ - :port
951
+ - :string
952
+ netbios_session_ret_arg_resp:
953
+ - :connection
954
+ - :string
955
+ stp_remove_pair:
956
+ - :int
957
+ - :int
958
+ mime_content_hash:
959
+ - :connection
960
+ - :count
961
+ - :string
962
+ pm_attempt_dump:
963
+ - :connection
964
+ - :count
965
+ remote_state_inconsistency:
966
+ - :string
967
+ - :string
968
+ - :string
969
+ - :string
970
+ connection_attempt:
971
+ - :connection
972
+ http_header:
973
+ - :connection
974
+ - :bool
975
+ - :string
976
+ - :string
977
+ dns_message:
978
+ - :connection
979
+ - :bool
980
+ - :dns_msg
981
+ - :count
982
+ ssl_conn_attempt:
983
+ - :connection
984
+ - :count
985
+ - :cipher_suites_list
986
+ login_terminal:
987
+ - :connection
988
+ - :string
989
+ pm_request_callit:
990
+ - :connection
991
+ - :pm_callit_request
992
+ - :port
993
+ smb_com_transaction:
994
+ - :connection
995
+ - :bool
996
+ - :count
997
+ - :string
998
+ - :string
999
+ dns_HINFO_reply:
1000
+ - :connection
1001
+ - :dns_msg
1002
+ - :dns_answer
1003
+ gnutella_text_msg:
1004
+ - :connection
1005
+ - :bool
1006
+ - :string
1007
+ dns_WKS_reply:
1008
+ - :connection
1009
+ - :dns_msg
1010
+ - :dns_answer