rbroccoli 1.1.0

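--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -0,0 +1,21 @@
+ Copyright (c) 2006 Seth Hall
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+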
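--- a/data/README
+++ b/data/README
@@ -0,0 +1,40 @@
+ About
+ ---
+ This is the rBroccoli extension for ruby which provides access to the
+ Broccoli API. Broccoli is a library for communicating with the Bro Intrusion
+ Detection System. Broccoli is distributed with ruby now, so I'm going to be
+ releasing versions of rBroccoli that target bro version.
+
+ Bro: http://www.bro-ids.org
+ Broccoli: http://www.cl.cam.ac.uk/~cpk25/broccoli/
+
+ Install
+ ---
+ To install the extension
+ 1. Make sure that the broccoli-config binary is in your path.
+ 2. Run, "sudo ruby setup.rb"
+
+ To install the extension as a gem
+ 1. Make sure that the broccoli-config binary is in your path.
+ 2. Run, "sudo gem install rbroccoli"
+ (you don't need to download anything ahead of time)
+
+ Usage
+ ---
+ There aren't really any useful docs yet. Your best bet currently is
+ to to read through the examples.
+
+ One thing I should mention however is that I haven't done any optimization
+ yet. You may find that if you write code that is going to be sending or
+ receiving extremely large numbers of events, that it won't run fast enough and
+ will begin to fall behind the bro server. The dns_requests.rb example is
+ a good performance test if your bro server is sitting on a network with many
+ dns lookups.
+
+
+ Contact
+ ---
+ If you have a question/comment/patch, email me at:
+ seth@remor.com
+ or
+ seth@net.ohio-state.edu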
@@ -0,0 +1,1010 @@
1
+ # This file was autogenerated on Tue Aug 22 15:06:06 EDT 2006
2
+ # Please do not edit!
3
+ ---
4
+ OS_version_found:
5
+ - :connection
6
+ - :addr
7
+ - :OS_version
8
+ ack_above_hole:
9
+ - :connection
10
+ dns_mapping_valid:
11
+ - :dns_mapping
12
+ smtp_signature_found:
13
+ - :connection
14
+ nfs_attempt_fsstat:
15
+ - :connection
16
+ - :count
17
+ - :string
18
+ irc_dcc_message:
19
+ - :connection
20
+ - :string
21
+ - :string
22
+ - :string
23
+ - :string
24
+ - :addr
25
+ - :count
26
+ - :count
27
+ irc_whois_operator_line:
28
+ - :connection
29
+ - :string
30
+ irc_privmsg_message:
31
+ - :connection
32
+ - :string
33
+ - :string
34
+ - :string
35
+ dns_request:
36
+ - :connection
37
+ - :dns_msg
38
+ - :string
39
+ - :count
40
+ - :count
41
+ bad_option_termination:
42
+ - :connection
43
+ dns_mapping_altered:
44
+ - :dns_mapping
45
+ - :addr_set
46
+ - :addr_set
47
+ login_confused_text:
48
+ - :connection
49
+ - :string
50
+ irc_message:
51
+ - :connection
52
+ - :string
53
+ - :string
54
+ - :string
55
+ gnutella_signature_found:
56
+ - :connection
57
+ ncp_request:
58
+ - :connection
59
+ - :count
60
+ - :count
61
+ - :count
62
+ pop3_login_failure:
63
+ - :connection
64
+ - :bool
65
+ - :string
66
+ - :string
67
+ login_input_line:
68
+ - :connection
69
+ - :string
70
+ remote_connection_error:
71
+ - :event_peer
72
+ - :string
73
+ epm_map_response:
74
+ - :connection
75
+ - :string
76
+ - :port
77
+ - :addr
78
+ conn_weird_addl:
79
+ - :string
80
+ - :connection
81
+ - :string
82
+ udp_session_done:
83
+ - :connection
84
+ login_failure:
85
+ - :connection
86
+ - :string
87
+ - :string
88
+ - :string
89
+ - :string
90
+ http_request:
91
+ - :connection
92
+ - :string
93
+ - :string
94
+ - :string
95
+ - :string
96
+ irc_nick_message:
97
+ - :connection
98
+ - :string
99
+ - :string
100
+ ntp_message:
101
+ - :connection
102
+ - :ntp_msg
103
+ - :string
104
+ pop3_terminate:
105
+ - :connection
106
+ - :bool
107
+ - :string
108
+ pm_attempt_callit:
109
+ - :connection
110
+ - :count
111
+ - :pm_callit_request
112
+ irc_request:
113
+ - :connection
114
+ - :string
115
+ - :string
116
+ - :string
117
+ connection_reset:
118
+ - :connection
119
+ bro_done: []
120
+
121
+ kazaa_signature_found:
122
+ - :connection
123
+ pm_request_getport:
124
+ - :connection
125
+ - :pm_port_request
126
+ - :port
127
+ http_end_entity:
128
+ - :connection
129
+ - :bool
130
+ connection_rejected:
131
+ - :connection
132
+ netbios_session_message:
133
+ - :connection
134
+ - :bool
135
+ - :count
136
+ - :count
137
+ smb_com_transaction2:
138
+ - :connection
139
+ - :bool
140
+ - :count
141
+ - :string
142
+ - :string
143
+ connection_partial_close:
144
+ - :connection
145
+ irc_whois_channel_line:
146
+ - :connection
147
+ - :string
148
+ - :string_set
149
+ pop3_request:
150
+ - :connection
151
+ - :bool
152
+ - :string
153
+ - :string
154
+ icmp_echo_request:
155
+ - :connection
156
+ - :icmp_conn
157
+ - :count
158
+ - :count
159
+ - :string
160
+ pop3_unexpected:
161
+ - :connection
162
+ - :bool
163
+ - :string
164
+ - :string
165
+ new_connection_contents:
166
+ - :connection
167
+ authentication_accepted:
168
+ - :string
169
+ - :connection
170
+ netbios_session_request:
171
+ - :connection
172
+ - :string
173
+ bro_init: []
174
+
175
+ conn_weird:
176
+ - :string
177
+ - :connection
178
+ irc_oper_response:
179
+ - :connection
180
+ - :bool
181
+ ssl_conn_weak:
182
+ - :string
183
+ - :connection
184
+ ssl_conn_established:
185
+ - :connection
186
+ - :count
187
+ - :count
188
+ bad_option:
189
+ - :connection
190
+ pm_request_null:
191
+ - :connection
192
+ content_gap:
193
+ - :connection
194
+ - :bool
195
+ - :count
196
+ - :count
197
+ profiling_update:
198
+ - :file
199
+ - :bool
200
+ irc_names_info:
201
+ - :connection
202
+ - :string
203
+ - :string
204
+ - :string_set
205
+ irc_who_line:
206
+ - :connection
207
+ - :string
208
+ - :string
209
+ - :string
210
+ - :string
211
+ - :string
212
+ - :string
213
+ - :string
214
+ - :count
215
+ - :string
216
+ connection_SYN_packet:
217
+ - :connection
218
+ - :SYN_packet
219
+ dns_TXT_reply:
220
+ - :connection
221
+ - :dns_msg
222
+ - :dns_answer
223
+ new_packet:
224
+ - :connection
225
+ - :pkt_hdr
226
+ remote_log:
227
+ - :count
228
+ - :count
229
+ - :string
230
+ pm_request_set:
231
+ - :connection
232
+ - :pm_mapping
233
+ - :bool
234
+ tcp_option:
235
+ - :connection
236
+ - :bool
237
+ - :count
238
+ - :count
239
+ arp_reply:
240
+ - :string
241
+ - :string
242
+ - :addr
243
+ - :string
244
+ - :addr
245
+ - :string
246
+ netbios_session_accepted:
247
+ - :connection
248
+ - :string
249
+ login_output_line:
250
+ - :connection
251
+ - :string
252
+ software_unparsed_version_found:
253
+ - :connection
254
+ - :addr
255
+ - :string
256
+ software_version_found:
257
+ - :connection
258
+ - :addr
259
+ - :software
260
+ - :string
261
+ irc_invalid_nick:
262
+ - :connection
263
+ telnet_signature_found:
264
+ - :connection
265
+ - :bool
266
+ - :count
267
+ dns_PTR_reply:
268
+ - :connection
269
+ - :dns_msg
270
+ - :dns_answer
271
+ - :string
272
+ http_event:
273
+ - :connection
274
+ - :string
275
+ - :string
276
+ http_begin_entity:
277
+ - :connection
278
+ - :bool
279
+ gnutella_establish:
280
+ - :connection
281
+ pm_bad_port:
282
+ - :connection
283
+ - :count
284
+ connection_finished:
285
+ - :connection
286
+ gnutella_binary_msg:
287
+ - :connection
288
+ - :bool
289
+ - :count
290
+ - :count
291
+ - :count
292
+ - :count
293
+ - :string
294
+ - :count
295
+ - :bool
296
+ - :bool
297
+ connection_first_ACK:
298
+ - :connection
299
+ irc_squery_message:
300
+ - :connection
301
+ - :string
302
+ - :string
303
+ - :string
304
+ ftp_reply:
305
+ - :connection
306
+ - :count
307
+ - :string
308
+ - :bool
309
+ http_content_type:
310
+ - :connection
311
+ - :bool
312
+ - :string
313
+ - :string
314
+ pm_attempt_getport:
315
+ - :connection
316
+ - :count
317
+ - :pm_port_request
318
+ pm_attempt_set:
319
+ - :connection
320
+ - :count
321
+ - :pm_mapping
322
+ interconn_remove_conn:
323
+ - :connection
324
+ partial_connection:
325
+ - :connection
326
+ connection_half_finished:
327
+ - :connection
328
+ icmp_time_exceeded:
329
+ - :connection
330
+ - :icmp_conn
331
+ - :count
332
+ - :icmp_context
333
+ stp_resume_endp:
334
+ - :int
335
+ gnutella_not_establish:
336
+ - :connection
337
+ udp_reply:
338
+ - :connection
339
+ remote_pong:
340
+ - :event_peer
341
+ - :count
342
+ - :interval
343
+ - :interval
344
+ - :interval
345
+ irc_network_info:
346
+ - :connection
347
+ - :count
348
+ - :count
349
+ - :count
350
+ ssh_client_version:
351
+ - :connection
352
+ - :string
353
+ stp_remove_endp:
354
+ - :int
355
+ ssl_certificate_seen:
356
+ - :connection
357
+ - :bool
358
+ ssh_signature_found:
359
+ - :connection
360
+ - :bool
361
+ excessive_line:
362
+ - :connection
363
+ smb_com_write_andx:
364
+ - :connection
365
+ - :string
366
+ smtp_data:
367
+ - :connection
368
+ - :bool
369
+ - :string
370
+ dns_mapping_lost_name:
371
+ - :dns_mapping
372
+ pm_request_unset:
373
+ - :connection
374
+ - :pm_mapping
375
+ - :bool
376
+ ssl_X509_error:
377
+ - :connection
378
+ - :int
379
+ - :string
380
+ nfs_request_getattr:
381
+ - :connection
382
+ - :string
383
+ - :nfs3_attrs
384
+ rsh_request:
385
+ - :connection
386
+ - :string
387
+ - :string
388
+ - :string
389
+ - :bool
390
+ stp_correlate_pair:
391
+ - :int
392
+ - :int
393
+ ssl_conn_reused:
394
+ - :connection
395
+ - :SSL_sessionID
396
+ ident_request:
397
+ - :connection
398
+ - :port
399
+ - :port
400
+ ssl_certificate:
401
+ - :connection
402
+ - :X509
403
+ - :bool
404
+ rpc_call:
405
+ - :connection
406
+ - :count
407
+ - :count
408
+ - :count
409
+ - :count
410
+ - :time
411
+ - :count
412
+ - :count
413
+ nfs_request_fsstat:
414
+ - :connection
415
+ - :string
416
+ - :nfs3_fsstat
417
+ login_display:
418
+ - :connection
419
+ - :string
420
+ dns_A_reply:
421
+ - :connection
422
+ - :dns_msg
423
+ - :dns_answer
424
+ - :addr
425
+ ssl_session_insertion:
426
+ - :connection
427
+ - :SSL_sessionID
428
+ remote_connection_handshake_done:
429
+ - :event_peer
430
+ anonymization_mapping:
431
+ - :addr
432
+ - :addr
433
+ irc_oper_message:
434
+ - :connection
435
+ - :string
436
+ - :string
437
+ irc_whois_user_line:
438
+ - :connection
439
+ - :string
440
+ - :string
441
+ - :string
442
+ - :string
443
+ irc_whois_message:
444
+ - :connection
445
+ - :string
446
+ - :string
447
+ rlogin_signature_found:
448
+ - :connection
449
+ - :bool
450
+ - :count
451
+ - :count
452
+ dns_mapping_new_name:
453
+ - :dns_mapping
454
+ arp_request:
455
+ - :string
456
+ - :string
457
+ - :addr
458
+ - :string
459
+ - :addr
460
+ - :string
461
+ mime_one_header:
462
+ - :connection
463
+ - :mime_header_rec
464
+ udp_request:
465
+ - :connection
466
+ http_message_done:
467
+ - :connection
468
+ - :bool
469
+ - :http_message_stat
470
+ irc_reply:
471
+ - :connection
472
+ - :string
473
+ - :count
474
+ - :string
475
+ gaobot_signature_found:
476
+ - :connection
477
+ mime_all_data:
478
+ - :connection
479
+ - :count
480
+ - :string
481
+ mime_event:
482
+ - :connection
483
+ - :string
484
+ - :string
485
+ conn_stats:
486
+ - :connection
487
+ - :endpoint_stats
488
+ - :endpoint_stats
489
+ dce_rpc_response:
490
+ - :connection
491
+ - :count
492
+ - :string
493
+ bad_arp:
494
+ - :addr
495
+ - :string
496
+ - :addr
497
+ - :string
498
+ - :string
499
+ mime_all_headers:
500
+ - :connection
501
+ - :mime_header_list
502
+ finished_send_state:
503
+ - :event_peer
504
+ pm_attempt_null:
505
+ - :connection
506
+ - :count
507
+ mime_next_entity:
508
+ - :connection
509
+ backdoor_stats:
510
+ - :connection
511
+ - :backdoor_endp_stats
512
+ - :backdoor_endp_stats
513
+ login_prompt:
514
+ - :connection
515
+ - :string
516
+ software_parse_error:
517
+ - :connection
518
+ - :addr
519
+ - :string
520
+ nfs_request_lookup:
521
+ - :connection
522
+ - :nfs3_lookup_args
523
+ - :nfs3_lookup_reply
524
+ http_proxy_signature_found:
525
+ - :connection
526
+ connection_pending:
527
+ - :connection
528
+ irc_enter_message:
529
+ - :connection
530
+ - :string
531
+ - :string
532
+ smb_com_nt_create_andx:
533
+ - :connection
534
+ - :string
535
+ smb_com_tree_connect_andx:
536
+ - :connection
537
+ - :string
538
+ - :string
539
+ nfs_attempt_getattr:
540
+ - :connection
541
+ - :count
542
+ - :string
543
+ irc_error_message:
544
+ - :connection
545
+ - :string
546
+ - :string
547
+ dce_rpc_bind:
548
+ - :connection
549
+ - :string
550
+ connection_EOF:
551
+ - :connection
552
+ - :bool
553
+ interconn_stats:
554
+ - :connection
555
+ - :interconn_endp_stats
556
+ - :interconn_endp_stats
557
+ irc_squit_message:
558
+ - :connection
559
+ - :string
560
+ - :string
561
+ - :string
562
+ dns_EDNS:
563
+ - :connection
564
+ - :dns_msg
565
+ - :dns_answer
566
+ dns_SOA_reply:
567
+ - :connection
568
+ - :dns_msg
569
+ - :dns_answer
570
+ - :dns_soa
571
+ finger_request:
572
+ - :connection
573
+ - :bool
574
+ - :string
575
+ - :string
576
+ nfs_reply_status:
577
+ - :connection
578
+ - :count
579
+ connection_status_update:
580
+ - :connection
581
+ icmp_sent:
582
+ - :connection
583
+ - :icmp_conn
584
+ pop3_reply:
585
+ - :connection
586
+ - :bool
587
+ - :string
588
+ - :string
589
+ irc_notice_message:
590
+ - :connection
591
+ - :string
592
+ - :string
593
+ - :string
594
+ nfs_attempt_lookup:
595
+ - :connection
596
+ - :count
597
+ - :nfs3_lookup_args
598
+ root_backdoor_signature_found:
599
+ - :connection
600
+ process_X509_extensions:
601
+ - :connection
602
+ - :X509_extension
603
+ inconsistent_option:
604
+ - :connection
605
+ finger_reply:
606
+ - :connection
607
+ - :string
608
+ irc_signature_found:
609
+ - :connection
610
+ tcp_packet:
611
+ - :connection
612
+ - :bool
613
+ - :string
614
+ - :count
615
+ - :count
616
+ - :count
617
+ - :string
618
+ mime_end_entity:
619
+ - :connection
620
+ ssl_conn_server_reply:
621
+ - :connection
622
+ - :count
623
+ - :cipher_suites_list
624
+ irc_server_info:
625
+ - :connection
626
+ - :count
627
+ - :count
628
+ - :count
629
+ smb_get_dfs_referral:
630
+ - :connection
631
+ - :count
632
+ - :string
633
+ tcp_rexmit:
634
+ - :connection
635
+ - :bool
636
+ - :count
637
+ - :count
638
+ - :count
639
+ - :count
640
+ rotate_size:
641
+ - :file
642
+ rotate_interval:
643
+ - :file
644
+ print_hook:
645
+ - :file
646
+ - :string
647
+ dns_NS_reply:
648
+ - :connection
649
+ - :dns_msg
650
+ - :dns_answer
651
+ - :string
652
+ http_all_headers:
653
+ - :connection
654
+ - :bool
655
+ - :mime_header_list
656
+ ftp_request:
657
+ - :connection
658
+ - :string
659
+ - :string
660
+ new_connection:
661
+ - :connection
662
+ remote_connection_closed:
663
+ - :event_peer
664
+ irc_kick_message:
665
+ - :connection
666
+ - :string
667
+ - :string
668
+ - :string
669
+ - :string
670
+ irc_join_message:
671
+ - :connection
672
+ - :irc_join_list
673
+ rexmit_inconsistency:
674
+ - :connection
675
+ - :string
676
+ - :string
677
+ pop3_data:
678
+ - :connection
679
+ - :bool
680
+ - :string
681
+ smb_com_read_andx:
682
+ - :connection
683
+ - :string
684
+ http_stats:
685
+ - :connection
686
+ - :http_stats_rec
687
+ nfs_attempt_null:
688
+ - :connection
689
+ - :count
690
+ dns_rejected:
691
+ - :connection
692
+ - :dns_msg
693
+ - :string
694
+ - :count
695
+ - :count
696
+ icmp_unreachable:
697
+ - :connection
698
+ - :icmp_conn
699
+ - :count
700
+ - :icmp_context
701
+ irc_channel_info:
702
+ - :connection
703
+ - :count
704
+ irc_part_message:
705
+ - :connection
706
+ - :string
707
+ - :string_set
708
+ - :string
709
+ dns_CNAME_reply:
710
+ - :connection
711
+ - :dns_msg
712
+ - :dns_answer
713
+ - :string
714
+ pm_request_dump:
715
+ - :connection
716
+ - :pm_mappings
717
+ napster_signature_found:
718
+ - :connection
719
+ pop3_login_success:
720
+ - :connection
721
+ - :bool
722
+ - :string
723
+ - :string
724
+ net_stats_update:
725
+ - :time
726
+ - :net_stats
727
+ smtp_request:
728
+ - :connection
729
+ - :bool
730
+ - :string
731
+ - :string
732
+ connection_established:
733
+ - :connection
734
+ dns_EDNS_addl:
735
+ - :connection
736
+ - :dns_msg
737
+ - :dns_edns_additional
738
+ ftp_signature_found:
739
+ - :connection
740
+ login_confused:
741
+ - :connection
742
+ - :string
743
+ - :string
744
+ rsh_reply:
745
+ - :connection
746
+ - :string
747
+ - :string
748
+ - :string
749
+ ssl_conn_alert:
750
+ - :connection
751
+ - :count
752
+ - :count
753
+ - :count
754
+ irc_mode_message:
755
+ - :connection
756
+ - :string
757
+ - :string
758
+ net_weird:
759
+ - :string
760
+ netbios_session_raw_message:
761
+ - :connection
762
+ - :bool
763
+ - :string
764
+ stp_create_endp:
765
+ - :connection
766
+ - :int
767
+ - :bool
768
+ dns_full_request: []
769
+
770
+ remote_event_registered:
771
+ - :event_peer
772
+ - :string
773
+ signature_match:
774
+ - :signature_state
775
+ - :string
776
+ - :string
777
+ irc_invite_message:
778
+ - :connection
779
+ - :string
780
+ - :string
781
+ - :string
782
+ irc_who_message:
783
+ - :connection
784
+ - :string
785
+ - :bool
786
+ http_signature_found:
787
+ - :connection
788
+ udp_contents:
789
+ - :connection
790
+ - :bool
791
+ - :string
792
+ dns_mapping_name_changed:
793
+ - :dns_mapping
794
+ - :dns_mapping
795
+ dns_MX_reply:
796
+ - :connection
797
+ - :dns_msg
798
+ - :dns_answer
799
+ - :string
800
+ - :count
801
+ remote_capture_filter:
802
+ - :event_peer
803
+ - :string
804
+ ident_reply:
805
+ - :connection
806
+ - :port
807
+ - :port
808
+ - :string
809
+ - :string
810
+ non_dns_request:
811
+ - :connection
812
+ - :string
813
+ ncp_reply:
814
+ - :connection
815
+ - :count
816
+ - :count
817
+ - :count
818
+ - :count
819
+ - :count
820
+ load_sample:
821
+ - :load_sample_info
822
+ - :interval
823
+ - :int
824
+ dns_mapping_unverified:
825
+ - :dns_mapping
826
+ netbios_session_keepalive:
827
+ - :connection
828
+ - :string
829
+ authentication_rejected:
830
+ - :string
831
+ - :connection
832
+ mime_begin_entity:
833
+ - :connection
834
+ ssh_server_version:
835
+ - :connection
836
+ - :string
837
+ irc_quit_message:
838
+ - :connection
839
+ - :string
840
+ - :string
841
+ connection_timeout:
842
+ - :connection
843
+ smtp_reply:
844
+ - :connection
845
+ - :bool
846
+ - :count
847
+ - :string
848
+ - :string
849
+ - :bool
850
+ dce_rpc_message:
851
+ - :connection
852
+ - :bool
853
+ - :dce_rpc_ptype
854
+ - :string
855
+ http_reply:
856
+ - :connection
857
+ - :string
858
+ - :count
859
+ - :string
860
+ flow_weird:
861
+ - :string
862
+ - :addr
863
+ - :addr
864
+ packet_contents:
865
+ - :connection
866
+ - :string
867
+ pm_attempt_unset:
868
+ - :connection
869
+ - :count
870
+ - :pm_mapping
871
+ smtp_unexpected:
872
+ - :connection
873
+ - :bool
874
+ - :string
875
+ - :string
876
+ gnutella_http_notify:
877
+ - :connection
878
+ dns_TSIG_addl:
879
+ - :connection
880
+ - :dns_msg
881
+ - :dns_tsig_additional
882
+ backdoor_remove_conn:
883
+ - :connection
884
+ mime_entity_data:
885
+ - :connection
886
+ - :count
887
+ - :string
888
+ dce_rpc_request:
889
+ - :connection
890
+ - :count
891
+ - :string
892
+ tcp_contents:
893
+ - :connection
894
+ - :bool
895
+ - :count
896
+ - :string
897
+ netbios_session_rejected:
898
+ - :connection
899
+ - :string
900
+ dns_SRV_reply:
901
+ - :connection
902
+ - :dns_msg
903
+ - :dns_answer
904
+ nfs_request_null:
905
+ - :connection
906
+ connection_state_remove:
907
+ - :connection
908
+ http_entity_data:
909
+ - :connection
910
+ - :bool
911
+ - :count
912
+ - :string
913
+ icmp_echo_reply:
914
+ - :connection
915
+ - :icmp_conn
916
+ - :count
917
+ - :count
918
+ - :string
919
+ gnutella_partial_binary_msg:
920
+ - :connection
921
+ - :bool
922
+ - :string
923
+ - :count
924
+ activating_encryption:
925
+ - :connection
926
+ login_success:
927
+ - :connection
928
+ - :string
929
+ - :string
930
+ - :string
931
+ - :string
932
+ connection_reused:
933
+ - :connection
934
+ smb_message:
935
+ - :connection
936
+ - :bool
937
+ - :string
938
+ - :count
939
+ authentication_skipped:
940
+ - :connection
941
+ mime_segment_data:
942
+ - :connection
943
+ - :count
944
+ - :string
945
+ remote_connection_established:
946
+ - :event_peer
947
+ ident_error:
948
+ - :connection
949
+ - :port
950
+ - :port
951
+ - :string
952
+ netbios_session_ret_arg_resp:
953
+ - :connection
954
+ - :string
955
+ stp_remove_pair:
956
+ - :int
957
+ - :int
958
+ mime_content_hash:
959
+ - :connection
960
+ - :count
961
+ - :string
962
+ pm_attempt_dump:
963
+ - :connection
964
+ - :count
965
+ remote_state_inconsistency:
966
+ - :string
967
+ - :string
968
+ - :string
969
+ - :string
970
+ connection_attempt:
971
+ - :connection
972
+ http_header:
973
+ - :connection
974
+ - :bool
975
+ - :string
976
+ - :string
977
+ dns_message:
978
+ - :connection
979
+ - :bool
980
+ - :dns_msg
981
+ - :count
982
+ ssl_conn_attempt:
983
+ - :connection
984
+ - :count
985
+ - :cipher_suites_list
986
+ login_terminal:
987
+ - :connection
988
+ - :string
989
+ pm_request_callit:
990
+ - :connection
991
+ - :pm_callit_request
992
+ - :port
993
+ smb_com_transaction:
994
+ - :connection
995
+ - :bool
996
+ - :count
997
+ - :string
998
+ - :string
999
+ dns_HINFO_reply:
1000
+ - :connection
1001
+ - :dns_msg
1002
+ - :dns_answer
1003
+ gnutella_text_msg:
1004
+ - :connection
1005
+ - :bool
1006
+ - :string
1007
+ dns_WKS_reply:
1008
+ - :connection
1009
+ - :dns_msg
1010
+ - :dns_answer