base/bif/file_analysis.bif.zeek

Internal functions and types used by the file analysis framework.

Namespaces

Files, GLOBAL

Summary

Functions

Files::__add_analyzer: function

See Files::add_analyzer.

Files::__analyzer_enabled: function

See Files::analyzer_enabled.

Files::__analyzer_name: function

See Files::analyzer_name.

Files::__disable_analyzer: function

See Files::disable_analyzer.

Files::__disable_reassembly: function

See Files::disable_reassembly.

Files::__enable_analyzer: function

See Files::enable_analyzer.

Files::__enable_reassembly: function

See Files::enable_reassembly.

Files::__file_exists: function

See Files::file_exists.

Files::__lookup_file: function

See Files::lookup_file.

Files::__remove_analyzer: function

See Files::remove_analyzer.

Files::__set_reassembly_buffer: function

See Files::set_reassembly_buffer_size.

Files::__set_timeout_interval: function

See Files::set_timeout_interval.

Files::__stop: function

See Files::stop.

set_file_handle: function

For use within a get_file_handle handler to set a unique identifier to associate with the current input to the file analysis framework.

Detailed Interface

Functions

Files::__add_analyzer
Type: function (file_id: string, tag: Files::Tag, args: any) : bool

See Files::add_analyzer.

Files::__analyzer_enabled
Type: function (tag: Files::Tag) : bool

See Files::analyzer_enabled.

Files::__analyzer_name
Type: function (tag: Files::Tag) : string

See Files::analyzer_name.

Files::__disable_analyzer
Type: function (tag: Files::Tag) : bool

See Files::disable_analyzer.

Files::__disable_reassembly
Type: function (file_id: string) : bool

See Files::disable_reassembly.

Files::__enable_analyzer
Type: function (tag: Files::Tag) : bool

See Files::enable_analyzer.

Files::__enable_reassembly
Type: function (file_id: string) : bool

See Files::enable_reassembly.

Files::__file_exists
Type: function (fuid: string) : bool

See Files::file_exists.

Files::__lookup_file
Type: function (fuid: string) : fa_file

See Files::lookup_file.

Files::__remove_analyzer
Type: function (file_id: string, tag: Files::Tag, args: any) : bool

See Files::remove_analyzer.

Files::__set_reassembly_buffer
Type: function (file_id: string, max: count) : bool

See Files::set_reassembly_buffer_size.

Files::__set_timeout_interval
Type: function (file_id: string, t: interval) : bool

See Files::set_timeout_interval.

Files::__stop
Type: function (file_id: string) : bool

See Files::stop.

set_file_handle
Type: function (handle: string) : any

For use within a get_file_handle handler to set a unique identifier to associate with the current input to the file analysis framework. Using an empty string for the handle signifies that the input will be ignored/discarded.

Parameters

handle – A string that uniquely identifies a file.

See also: get_file_handle