Zeek Logo
v7.2.0

Table of Contents

  • About Zeek
    • What Is Zeek?
    • Why Zeek?
    • History
    • Architecture
  • Monitoring With Zeek
    • Detection and Response Workflow
    • Instrumentation and Collection
    • Storage and Review
  • Get Started
    • Installing Zeek
      • Docker Images
      • Binary Packages
        • Linux
        • macOS
        • FreeBSD
        • OpenBSD
      • Building from Source
        • Required Dependencies
        • Optional Dependencies
        • Retrieving the Sources
        • Configuring and Building
        • Cross Compiling
      • Configuring the Run-Time Environment
    • Quick Start Guide
      • Managing Zeek with ZeekControl
        • A Minimal Starting Configuration
        • Browsing Log Files
        • Filesystem Walkthrough
      • Zeek as a Command-Line Utility
        • Monitoring Live Traffic
        • Reading Packet Capture (pcap) Files
        • Tracing Events
        • Telling Zeek Which Scripts to Load
        • Local Site Customization
        • Running Zeek Without Installing
      • Next Steps
    • Zeek Cluster Setup
      • Cluster Architecture
        • Architecture
        • Frontend Options
      • Cluster Configuration
        • Preparing to Setup a Cluster
        • Basic Cluster Configuration
        • AF_PACKET Cluster Configuration
        • PF_RING Cluster Configuration
  • Zeek Log Formats and Inspection
    • Working with a Sample Trace
    • Zeek TSV Format Logs
    • Zeek TSV Format and awk
    • Zeek TSV Format and zeek-cut
    • Zeek JSON Format Logs
    • Zeek JSON Format and jq
    • Conclusion
  • Zeek Logs
    • conn.log
      • Inspecting the conn.log
      • Understanding the Second conn.log Entry
      • Understanding the First conn.log Entry
      • The ip_proto Field
      • The uid and Other Fields
      • Conclusion
    • dns.log
      • Inspecting the dns.log
      • Understanding the Second dns.log Entry
      • Understanding the First dns.log Entry
      • The uid and Other Fields
      • Conclusion
    • http.log
      • Inspecting the http.log
      • Understanding the http.log Entry
      • Reviewing the Original Traffic
      • Conclusion
    • files.log
      • Inspecting the conn.log
      • Inspecting the http.log
      • Inspecting the files.log
      • Inspecting the Extracted File
      • Conclusion
    • ftp.log
      • Finding the ftp.log
      • Reconstructing the FTP Control Channel
      • Inspecting the ftp.log
      • Finding the Data Channel
      • Conclusion
    • ssl.log
      • Reviewing TLS Versions Seen on the Network
      • Preparing to Inspect the ssl.log
      • Inspecting the ssl.log When TLS 1.2 Applies
      • Inspecting the ssl.log When TLS 1.3 Applies
      • Inspecting the ssl.log When ESNI/ECH Applies
      • Leveraging JA3 and JA3S
      • Conclusion
    • x509.log
      • Inspecting the x509.log When TLS 1.2 Applies
      • Inspecting the x509.log When TLS 1.3 Applies
      • Conclusion
    • smtp.log
      • Inspecting SMTP Traffic
      • Inspecting the smtp.log
      • Inspecting Extracted Files
      • Inspecting Zeek Logs for Traffic to Port 465 TCP
      • Inspecting Zeek Logs for Traffic to Port 587 TCP
      • Other Email Protocols: IMAP over TLS
      • Other Email Protocols: POP over TLS
      • Conclusion
    • ssh.log
      • Lateral Movement
      • Failed Lateral Movement
      • Outbound Movement
      • Inbound Movement
      • Failed Movement
      • Conclusion
    • pe.log
      • Starting with conn.log
      • Continuing with http.log
      • Continuing with files.log
      • Continuing with pe.log
      • Reviewing the Extracted Binary
      • Conclusion
    • dhcp.log
      • DORA via Tcpdump
      • DORA via Tcpdump Verbose Mode
      • Acknowledgement via tshark
      • Zeek’s Rendition of DORA
      • Two UIDs
      • Enumerating DHCP Servers
      • Conclusion
    • ntp.log
      • NTP via tcpdump
      • NTP via tcpdump and tshark
      • NTP via Zeek
      • Identifying NTP Servers
      • Conclusion
    • SMB Logs (plus DCE-RPC, Kerberos, NTLM)
      • Introduction
      • Leveraging BZAR
      • Running the net user Command
        • notice.log
        • dce_rpc.log
        • kerberos.log and smb_mapping.log
      • Connecting to a SMB Share and Uploading a File
        • conn.log
        • notice.log
        • extract_files/, files.log, and pe.log, and VirusTotal
        • kerberos.log, smb_mapping.log, and smb_files.log
      • Connecting to a SMB Share and Downloading a File
        • conn.log
        • files.log and pe.log
        • kerberos.log, smb_mapping.log, and smb_files.log
      • Scheduling Mimikatz via the At Service
        • conn.log
        • smb_files.log
        • files.log
      • Reviewing the Packet Capture with tshark
      • Using PsExec to Retrieve a File from a Target
        • conn.log
        • notice.log
        • dce_rpc.log
        • kerberos.log
        • smb_mapping.log
        • smb_files.log
        • extract_files/, files.log, and pe.log, and VirusTotal
        • ntlm.log
      • Conclusion
    • irc.log
      • Reconstructing an IRC Session
      • Port 6667 conn.log
      • Port 6667 irc.log
      • Port 6697 conn.log
      • Port 6697 ssl.log and x509.log
      • Port 31337 conn.log
      • Port 31337 irc.log
      • Botnet IRC Traffic
      • Conclusion
    • ldap.log and ldap_search.log
      • LDAP Protocol Overview
      • ldap.log
      • ldap_search.log
      • StartTLS
      • Conclusion
    • postgresql.log
      • Overview
      • Example
      • TLS
    • quic.log
      • Overview
      • Example
      • Conclusion
    • rdp.log
      • conn.log
      • rdp.log
      • ssl.log and x509.log
      • Running the Test
      • Conclusion
    • traceroute.log
      • traceroute.log
      • Conclusion
    • tunnel.log
      • Teredo
        • tcpdump and tshark
        • conn.log
        • tunnel.log
      • IP in IP
        • tcpdump and tshark
        • conn.log
        • tunnel.log
      • IP over IP via GRE
        • tcpdump and tshark
        • conn.log
        • tunnel.log
      • IPv4 in PPP in GRE in IPv4 in IPv6
        • tcpdump and tshark
        • conn.log
        • tunnel.log
        • dns.log
      • Conclusion
    • dpd.log
      • One Specific Example
        • tcpdump and tshark
        • conn.log
        • ssl.log
        • dpd.log
      • Decoding 21588
      • Assorted Examples
      • Conclusion
    • known_*.log and software.log
      • known_certs.log
      • known_hosts.log
      • known_services.log
      • software.log
      • Conclusion
    • weird.log and notice.log
      • weird.log
      • notice.log
      • Investigating a weird.log and notice.log Entry
      • Conclusion
    • capture_loss.log and reporter.log
      • capture_loss.log
      • reporter.log
      • Conclusion
  • Introduction to Scripting
    • The Basics
      • Understanding Scripts
      • The Event Queue and Event Handlers
      • The Connection Record Data Type
      • Data Types and Data Structures
        • Scope
        • Data Structures
        • Data Types Revisited
        • Record Data Type
      • Custom Logging
      • Raising Notices
    • Finding Potential Usage Errors
    • Event Groups
      • Attribute Based Event Group
      • Module Based Event Group
    • Script Optimization
      • Introduction
      • Other Optimization Features
    • JavaScript
      • Preamble
      • Built-in Plugin
      • Hello World
      • Execution Model
      • Types
        • Record values
        • Table values
        • Set and vector values
        • Any and zeek.as()
        • Debugging
      • Examples
        • HTTP API
        • More
      • TypeScript
  • Frameworks
    • Broker Communication Framework
      • Cluster Layout / API
        • Layout / Topology
      • Data Management/Sharing Strategies
        • Data Stores
        • Data Partitioning
      • Broker Framework Examples
        • Topic Naming Conventions
        • Connecting to Peers
        • Remote Events
        • Remote Logging
        • Distributed Data Stores
      • Cluster Framework Examples
        • A Reminder About Events and Module Namespaces
        • Manager Sending Events To Workers
        • Worker Sending Events To Manager
        • Worker Sending Events To All Workers
        • Worker Distributing Events Uniformly Across Proxies
      • Broker-backed Zeek Tables for Data Synchronization and Persistence
    • Cluster Framework
      • Zeek’s Cluster Components
        • Manager
        • Worker
        • Proxy
        • Logger
      • Running a Zeek Cluster
        • Zeek Cluster Setup
        • General Usage and Deployment
      • Developing Scripts/Heuristics
        • The Need to Move Data and Events Across Different Nodes
        • Cluster Topics
        • Cluster Pools
        • Publishing Events Across the Cluster
        • Distributing Events Uniformly Across Proxies
        • A Cluster Script Walkthrough
    • Configuration Framework
      • Introduction
      • Declaring Options
      • Changing Options
        • Config File Formatting
      • Change Handlers
        • When Change Handlers Trigger
    • File Analysis Framework
      • Supported Protocols
      • File Lifecycle Events
      • File Type Identification
      • Adding Analysis
        • Per-file analyzer registration
        • Generic analyzer registration
        • Protocol-specific state
        • Examples
      • Input Framework Integration
    • Input Framework
      • Reading Data into Tables
        • Asynchronous processing
        • Sets instead of tables
        • Re-reading and streaming data
        • Receiving change events
        • Filtering data during import
        • Broken input data
      • Reading Data to Events
      • Data Readers
        • The ASCII Reader
        • The Benchmark Reader
        • The Binary Reader
        • The Raw Reader
        • The SQLite Reader
    • Intelligence Framework
      • Introduction
      • Quick Start
      • Architecture
        • Loading Intelligence
        • Seen Data
        • Intelligence Matches
    • Logging Framework
      • Terminology
      • Streams
        • Add Fields to a Log
        • Define a Logging Event
        • Disable a Stream
        • Delaying Log Writes
      • Filters
        • Rename a Log File
        • Change the Logging Directory
        • Add an Additional Output File
        • Determine Log Path Dynamically
        • Filtering Log Records
        • Log Rotation and Post-Processing
        • Other Features
      • Writers
        • ASCII Writer
        • SQLite Writer
        • None Writer
    • Management Framework
      • Quickstart
      • Architecture and Terminology
        • Controller
        • Instance
        • Agent
        • Cluster nodes
        • Client
      • A Visual Example
      • Goals and Relationship to ZeekControl
      • Running Controller and Agent
        • Joint launch
        • Separate controller and agent instances
        • Controller and agent instances on separate systems
        • Multiple instances
        • Controller and agent naming
        • Firewalling and encryption
        • Additional framework configuration
      • Node Operation and Outputs
      • Log Management
      • The zeek-client CLI
        • Standalone installation
        • Compatibility
        • Configuration
        • Auto-complete
      • Common cluster management tasks
        • Checking connected agents
        • Defining a cluster configuration
        • Configuration of the Telemetry framework
        • Staging and deploying configurations
        • Retrieving configurations
        • Showing the current instance nodes
        • Showing current global identifier values
        • Restarting cluster nodes
    • NetControl Framework
      • NetControl Architecture
      • NetControl API
        • High-level NetControl API
        • Rule API
        • Interacting with Rules
        • Catch and Release
      • NetControl Plugins
        • Using the existing plugins
        • Writing plugins
    • Notice Framework
      • Overview
      • Processing Notices
        • Notice Policy
        • Notice Policy Shortcuts
      • Raising Notices
      • Automated Suppression
      • Extending Notice Framework
        • Configuring Notice Emails
      • Cluster Considerations
      • The Weird Log
    • Packet Analysis
      • The Flow of Packets
      • Packet Analyzer Configuration
      • Packet Analyzer API
    • Signature Framework
      • Basics
      • Signature Language for Network Traffic
        • Conditions
        • Actions
      • Signature Language for File Content
        • Conditions
        • Actions
      • Things to keep in mind when writing signatures
      • Options
      • So, how about using Snort signatures with Zeek?
    • Storage Framework
      • Terminology
      • Asynchronous Mode vs Synchronous Mode
      • Using the Storage Framework
        • Operation Return Values
        • Opening and Closing a Backend
        • Storing, Retrieving, and Erasing Data
      • Events
    • Summary Statistics
      • Overview
      • Terminology
      • Examples
        • Printing the number of connections
        • Toy scan detection
    • Supervisor Framework
      • Simple Example
      • Supervised Cluster Example
      • Internal Architecture
      • Node Revival
    • Telemetry Framework
      • Metric Types
      • Cluster Considerations
      • Metrics Export
        • Zeek Logs
        • Native Prometheus Export
      • Examples of Metrics Application
        • Counting Log Writes per Stream
        • Table Sizes
        • Connection Durations as Histogram
        • Exporting the Zeek Version
    • TLS Decryption
      • Capturing and decrypting a trace file
        • Capturing a trace file with keys
        • Decrypting a trace file
      • Decrypting live traffic
      • TLS Decryption API
  • Popular Customizations
    • Log Enrichment
      • Community ID
      • Address geolocation and AS lookups
        • Building Zeek with libmaxminddb
        • Installing and configuring GeoIP databases
        • Querying the databases
        • Testing
        • Example
    • Log Writers
      • Kafka
    • Logging
      • JSON Streaming Logs
      • Long Connections
    • Profiling and Debugging
      • jemalloc profiling
  • Troubleshooting
    • Memory Leaks and State Growth
      • Jemalloc Memory Profiling
        • ZeekControl Integration
    • CPU Profiling
      • Perf and Flame Graphs
    • Metrics and Stats
      • Telemetry Framework and Prometheus
      • stats.log
      • prof.log
  • Script Reference
    • Operators
      • Relational operators
      • Logical operators
      • Arithmetic operators
      • Bitwise operators
      • Set operators
      • Assignment operators
      • Record field operators
      • Pattern operators
      • Type casting
      • Other operators
    • Types
      • addr
        • Type Conversions
      • any
      • bool
        • Type Conversions
      • count
        • Type Conversions
      • double
        • Type Conversions
      • enum
        • Type Conversions
      • event
      • file
      • function
        • Anonymous functions and their closures
        • Default values
        • Asynchronous functions
      • hook
      • int
        • Type Conversions
      • interval
        • Type Conversions
      • opaque
      • pattern
        • Type Conversions
      • port
        • Type Conversions
      • record
      • set
        • Declaration and initialization
        • Insertion and removal
        • Lookup and iteration
        • Set operations
        • Additional operations
      • string
        • Type Conversions
      • subnet
        • Type Conversions
      • table
        • Declaration and initialization
        • Insertion and removal
        • Lookup and iteration
        • Special lookups
        • Additional operations
      • time
        • Type Conversions
      • vector
        • Declaration and initialization
        • Insertion
        • Lookup and iteration
        • Vectorized operations
        • Additional operations
      • void
    • Attributes
      • &redef
      • &priority
      • &log
      • &optional
      • &default
      • &default_insert
      • &add_func
      • &delete_func
      • &expire_func
      • &read_expire
      • &write_expire
      • &create_expire
      • &on_change
      • &raw_output
      • &error_handler
      • &type_column
      • &backend
      • &broker_store
      • &broker_allow_complex_type
      • &ordered
      • &deprecated
      • &is_assigned
      • &is_used
      • &group
    • Declarations and Statements
      • Declarations
        • module
        • export
        • global
        • const
        • option
        • type
        • redef
        • Callables
      • Statements
        • add
        • assert
        • break
        • delete
        • event
        • fallthrough
        • for
        • if
        • local
        • next
        • print
        • return
        • schedule
        • switch
        • when
        • while
        • Compound Statement
        • Null Statement
    • Directives
      • @DIR
      • @FILENAME
      • @deprecated
      • @load
      • @load-plugin
      • @load-sigs
      • @unload
      • @prefixes
      • @if
      • @ifdef
      • @ifndef
      • @else
      • @endif
      • @DEBUG
    • Log Files
      • Network Protocols
      • Files
      • NetControl
      • Detection
      • Network Observations
      • Miscellaneous
      • Zeek Diagnostics
    • Notices
    • Packet Analyzers
      • Zeek::ARP
        • Components
        • Events
      • Zeek::AYIYA
        • Components
      • Zeek::Ethernet
        • Components
      • Zeek::FDDI
        • Components
      • Zeek::Geneve
        • Components
        • Events
        • Functions
      • Zeek::GRE
        • Components
      • Zeek::GTPv1
        • Components
        • Events
        • Functions
      • Zeek::IEEE802_11
        • Components
      • Zeek::IEEE802_11_Radio
        • Components
      • Zeek::IP
        • Components
      • Zeek::IPTunnel
        • Components
      • Zeek::LinuxSLL
        • Components
      • Zeek::LinuxSLL2
        • Components
      • Zeek::LLC
        • Components
      • Zeek::MPLS
        • Components
      • Zeek::NFLog
        • Components
      • Zeek::NOVELL_802_3
        • Components
      • Zeek::Null
        • Components
      • Zeek::PBB
        • Components
      • Zeek::PPP
        • Components
      • Zeek::PPPoE
        • Components
      • Zeek::PPPSerial
        • Components
      • Zeek::Root
        • Components
      • Zeek::Skip
        • Components
      • Zeek::SNAP
        • Components
      • Zeek::Teredo
        • Components
        • Events
        • Functions
      • Zeek::VLAN
        • Components
      • Zeek::VNTag
        • Components
      • Zeek::VXLAN
        • Components
        • Events
    • Protocol Analyzers
      • Zeek::BitTorrent
        • Components
        • Events
      • Zeek::Cluster_WebSocket
        • Components
        • Events
      • Zeek::ConnSize
        • Components
        • Events
        • Functions
      • Zeek::DCE_RPC
        • Components
        • Options/Constants
        • Types
        • Events
      • Zeek::DHCP
        • Components
        • Types
        • Events
      • Zeek::DNP3
        • Components
        • Events
      • Zeek::DNS
        • Components
        • Events
      • Zeek::File
        • Components
        • Events
      • Zeek::Finger
        • Components
        • Types
        • Events
      • Zeek::FTP
        • Components
        • Types
        • Events
        • Functions
      • Zeek::Gnutella
        • Components
        • Events
      • Zeek::GSSAPI
        • Components
        • Events
      • Zeek::HTTP
        • Components
        • Events
        • Functions
      • Zeek::Ident
        • Components
        • Events
      • Zeek::IMAP
        • Components
        • Events
      • Zeek::IRC
        • Components
        • Events
      • Zeek::JavaScript
        • Components
      • Zeek::KRB
        • Components
        • Options/Constants
        • Types
        • Events
      • Zeek::LDAP
        • Components
        • Types
        • Events
      • Zeek::Login
        • Components
        • Events
        • Functions
      • Zeek::MIME
        • Components
        • Options/Constants
        • Events
      • Zeek::Modbus
        • Components
        • Events
      • Zeek::MQTT
        • Components
        • Types
        • Events
      • Zeek::MySQL
        • Components
        • Events
      • Zeek::NCP
        • Components
        • Options/Constants
        • Events
      • Zeek::NetBIOS
        • Components
        • Events
        • Functions
      • Zeek::NTLM
        • Components
        • Types
        • Events
      • Zeek::NTP
        • Components
        • Types
        • Events
      • Zeek::PIA
        • Components
      • Zeek::POP3
        • Components
        • Options/Constants
        • Events
      • Zeek::QUIC
        • Components
        • Events
      • Zeek::RADIUS
        • Components
        • Types
        • Events
      • Zeek::RDP
        • Components
        • Types
        • Events
      • Zeek::RFB
        • Components
        • Events
      • Zeek::RPC
        • Components
        • Events
      • Zeek::SIP
        • Components
        • Events
      • Zeek::SMB
        • Components
        • Options/Constants
        • Types
        • Events
      • Zeek::SMTP
        • Components
        • Options/Constants
        • Events
        • Functions
      • Zeek::SNMP
        • Components
        • Types
        • Events
      • Zeek::SOCKS
        • Components
        • Events
      • Zeek::Spicy
      • Zeek::SSH
        • Components
        • Types
        • Events
      • Zeek::SSL
        • Components
        • Options/Constants
        • Types
        • Events
        • Functions
      • Zeek::StreamEvent
        • Components
        • Events
      • Zeek::Syslog
        • Components
        • Events
      • Zeek::TCP
        • Components
        • Types
        • Events
        • Functions
      • Zeek::WebSocket
        • Components
        • Options/Constants
        • Types
        • Events
        • Functions
      • Zeek::XMPP
        • Components
        • Events
      • Zeek::ZIP
        • Components
    • File Analyzers
      • Zeek::FileDataEvent
        • Components
      • Zeek::FileEntropy
        • Components
        • Events
      • Zeek::FileExtract
        • Components
        • Events
        • Functions
      • Zeek::FileHash
        • Components
        • Events
      • Zeek::PE
        • Components
        • Events
      • Zeek::X509
        • Components
        • Types
        • Events
        • Functions
    • Zeek Package Index
    • Zeek Script Index
      • base/init-bare.zeek
        • Summary
        • Detailed Interface
      • base/bif/const.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/zeek.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/communityid.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/stats.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/reporter.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/strings.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/option.bif.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/supervisor/api.zeek
        • Summary
        • Detailed Interface
      • base/bif/supervisor.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/packet_analysis.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/CPP-load.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/mmdb.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SNMP.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_KRB.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/telemetry_functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/telemetry_types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/event.bif.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/analyzer/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/packet-filter/utils.zeek
        • Summary
        • Detailed Interface
      • base/bif/analyzer.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/file_analysis.bif.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/root/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/root/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ip/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ip/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/skip/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/skip/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ethernet/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ethernet/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/fddi/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/fddi/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ieee802_11/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ieee802_11/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ieee802_11_radio/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ieee802_11_radio/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/linux_sll/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/linux_sll/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/linux_sll2/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/linux_sll2/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/nflog/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/nflog/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/null/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/null/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ppp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ppp/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ppp_serial/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ppp_serial/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/pppoe/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/pppoe/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/vlan/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/vlan/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/mpls/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/mpls/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/pbb/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/pbb/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/vntag/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/vntag/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/udp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/udp/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/tcp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/tcp/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/icmp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/icmp/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/llc/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/llc/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/novell_802_3/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/novell_802_3/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/snap/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/snap/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/gre/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/gre/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/iptunnel/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/iptunnel/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ayiya/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/ayiya/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/geneve/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/geneve/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/vxlan/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/vxlan/main.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/teredo/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/teredo/main.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Teredo.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Teredo.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/protocols/conn/removal-hooks.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/gtpv1/__load__.zeek
        • Summary
        • Detailed Interface
      • base/packet-protocols/gtpv1/main.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_GTPv1.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_GTPv1.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/spicy/init-bare.zeek
        • Summary
        • Detailed Interface
      • builtin-plugins/__preload__.zeek
        • Summary
        • Detailed Interface
      • base/init-frameworks-and-bifs.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/logging/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/logging/main.zeek
        • Summary
        • Detailed Interface
      • base/bif/logging.bif.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/logging/postprocessors/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/logging/postprocessors/scp.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/logging/postprocessors/sftp.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/logging/writers/ascii.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/logging/writers/sqlite.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/logging/writers/none.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/broker/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/broker/main.zeek
        • Summary
        • Detailed Interface
      • base/bif/comm.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/messaging.bif.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/broker/store.zeek
        • Summary
        • Detailed Interface
      • base/bif/data.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/store.bif.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/broker/log.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/broker/backpressure.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/supervisor/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/supervisor/control.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/supervisor/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/input/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/input/main.zeek
        • Summary
        • Detailed Interface
      • base/bif/input.bif.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/input/readers/ascii.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/input/readers/raw.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/input/readers/benchmark.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/input/readers/binary.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/input/readers/config.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/input/readers/sqlite.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/cluster/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/cluster/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/control/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/control/main.zeek
        • Summary
        • Detailed Interface
      • base/bif/cluster.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Cluster_WebSocket.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/cluster/pools.zeek
        • Summary
        • Detailed Interface
      • base/utils/hash_hrw.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/config/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/config/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/config/input.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/config/weird.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/analyzer/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/analyzer/dpd.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/analyzer/logging.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/files/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/files/main.zeek
        • Summary
        • Detailed Interface
      • base/utils/site.zeek
        • Summary
        • Detailed Interface
      • base/utils/patterns.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/files/magic/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/telemetry/options.zeek
        • Summary
        • Detailed Interface
      • base/bif/__load__.zeek
        • Summary
        • Detailed Interface
      • base/bif/telemetry_consts.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/zeekygen.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/pcap.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/bloom-filter.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/cardinality-counter.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/top-k.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/storage-async.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/storage-events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/storage-sync.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/spicy.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/__load__.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_BitTorrent.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_ConnSize.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_ConnSize.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_DCE_RPC.consts.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_DCE_RPC.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_DCE_RPC.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_DHCP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_DHCP.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_DNP3.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_DNS.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_File.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_FTP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_FTP.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Gnutella.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_GSSAPI.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_HTTP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_HTTP.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Ident.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_IMAP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_IRC.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_KRB.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Login.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Login.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_MIME.consts.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_MIME.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Modbus.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_MQTT.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_MQTT.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_MySQL.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_NCP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_NCP.consts.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_NetBIOS.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_NetBIOS.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_NTLM.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_NTLM.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_NTP.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_NTP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_POP3.consts.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_POP3.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_RADIUS.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_RDP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_RDP.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_RFB.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_RPC.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SIP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_check_directory.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_close.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_create_directory.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_echo.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_logoff_andx.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_negotiate.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_nt_cancel.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_query_information.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_read_andx.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_transaction.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_transaction2.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_com_write_andx.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb1_events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_close.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_create.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_negotiate.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_read.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_session_setup.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_set_info.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_tree_connect.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_write.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_com_transform_header.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.smb2_events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.consts.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMB.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMTP.consts.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMTP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SMTP.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SNMP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SOCKS.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SSH.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SSH.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SSL.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SSL.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SSL.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SSL.consts.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_StreamEvent.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_TCP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_TCP.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_TCP.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_WebSocket.consts.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_WebSocket.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_WebSocket.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_WebSocket.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_XMPP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Cluster_Backend_ZeroMQ.cluster_backend_zeromq.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_ARP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_UDP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_ICMP.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Geneve.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_Geneve.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_VXLAN.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_FileEntropy.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_FileExtract.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_FileExtract.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_FileHash.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_PE.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_X509.events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_X509.types.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_X509.functions.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_X509.ocsp_events.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_AsciiReader.ascii.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_BenchmarkReader.benchmark.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_BinaryReader.binary.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_ConfigReader.config.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_RawReader.raw.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SQLiteReader.sqlite.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_AsciiWriter.ascii.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_NoneWriter.none.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_SQLiteWriter.sqlite.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_AF_Packet.af_packet.bif.zeek
        • Summary
        • Detailed Interface
      • base/bif/plugins/Zeek_JavaScript.zeekjs.bif.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/spicy/init-framework.zeek
        • Summary
        • Detailed Interface
      • base/init-default.zeek
        • Summary
        • Detailed Interface
      • base/utils/active-http.zeek
        • Summary
        • Detailed Interface
      • base/utils/exec.zeek
        • Summary
        • Detailed Interface
      • base/utils/addrs.zeek
        • Summary
        • Detailed Interface
      • base/utils/backtrace.zeek
        • Summary
        • Detailed Interface
      • base/utils/conn-ids.zeek
        • Summary
        • Detailed Interface
      • base/utils/dir.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/reporter/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/reporter/main.zeek
        • Summary
        • Detailed Interface
      • base/utils/paths.zeek
        • Summary
        • Detailed Interface
      • base/utils/directions-and-hosts.zeek
        • Summary
        • Detailed Interface
      • base/utils/email.zeek
        • Summary
        • Detailed Interface
      • base/utils/files.zeek
        • Summary
        • Detailed Interface
      • base/utils/geoip-distance.zeek
        • Summary
        • Detailed Interface
      • base/utils/numbers.zeek
        • Summary
        • Detailed Interface
      • base/utils/packages.zeek
        • Summary
        • Detailed Interface
      • base/utils/queue.zeek
        • Summary
        • Detailed Interface
      • base/utils/strings.zeek
        • Summary
        • Detailed Interface
      • base/utils/thresholds.zeek
        • Summary
        • Detailed Interface
      • base/utils/time.zeek
        • Summary
        • Detailed Interface
      • base/utils/urls.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/notice/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/notice/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/notice/weird.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/notice/actions/email_admin.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/notice/actions/page.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/notice/actions/add-geodata.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/notice/actions/pp-alarms.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/signatures/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/signatures/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/packet-filter/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/packet-filter/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/packet-filter/netstats.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/software/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/software/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/intel/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/intel/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/intel/files.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/intel/input.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/average.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/hll_unique.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/last.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/max.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/min.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/sample.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/std-dev.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/variance.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/sum.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/topk.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/plugins/unique.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/sumstats/non-cluster.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/tunnels/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/tunnels/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/openflow/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/openflow/consts.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/openflow/types.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/openflow/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/openflow/plugins/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/openflow/plugins/ryu.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/openflow/plugins/log.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/openflow/plugins/broker.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/openflow/non-cluster.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/types.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/plugin.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/plugins/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/plugins/debug.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/plugins/openflow.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/plugins/packetfilter.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/plugins/broker.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/plugins/acld.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/drop.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/shunt.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/netcontrol/non-cluster.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/telemetry/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/telemetry/main.zeek
        • Summary
        • Detailed Interface
      • base/misc/version.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/storage/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/storage/async.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/storage/main.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/storage/sync.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/spicy/__load__.zeek
        • Summary
        • Detailed Interface
      • base/frameworks/spicy/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/conn/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/conn/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/conn/contents.zeek
        • Summary
        • Detailed Interface
      • base/protocols/conn/inactivity.zeek
        • Summary
        • Detailed Interface
      • base/protocols/conn/polling.zeek
        • Summary
        • Detailed Interface
      • base/protocols/conn/thresholds.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dce-rpc/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dce-rpc/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dce-rpc/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dhcp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dhcp/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dhcp/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dnp3/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dnp3/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dnp3/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dns/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dns/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dns/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/dns/check-event-handlers.zeek
        • Summary
        • Detailed Interface
      • base/protocols/finger/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/finger/spicy-events.zeek
        • Summary
        • Detailed Interface
      • base/protocols/finger/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ftp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ftp/utils-commands.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ftp/info.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ftp/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ftp/utils.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ftp/files.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ftp/gridftp.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ssl/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ssl/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ssl/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ssl/mozilla-ca-list.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ssl/ct-list.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ssl/files.zeek
        • Summary
        • Detailed Interface
      • base/files/x509/__load__.zeek
        • Summary
        • Detailed Interface
      • base/files/x509/main.zeek
        • Summary
        • Detailed Interface
      • base/files/hash/__load__.zeek
        • Summary
        • Detailed Interface
      • base/files/hash/main.zeek
        • Summary
        • Detailed Interface
      • base/files/x509/certificate-event-cache.zeek
        • Summary
        • Detailed Interface
      • base/files/x509/log-ocsp.zeek
        • Summary
        • Detailed Interface
      • base/protocols/http/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/http/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/http/entities.zeek
        • Summary
        • Detailed Interface
      • base/protocols/http/utils.zeek
        • Summary
        • Detailed Interface
      • base/protocols/http/files.zeek
        • Summary
        • Detailed Interface
      • base/protocols/imap/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/imap/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/irc/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/irc/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/irc/dcc-send.zeek
        • Summary
        • Detailed Interface
      • base/protocols/irc/files.zeek
        • Summary
        • Detailed Interface
      • base/protocols/krb/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/krb/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/krb/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/krb/files.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ldap/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ldap/spicy-events.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ldap/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ldap/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/modbus/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/modbus/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/modbus/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/mqtt/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/mqtt/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/mqtt/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/mysql/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/mysql/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/mysql/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ntlm/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ntlm/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ntp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ntp/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ntp/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/pop3/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/postgresql/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/postgresql/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/postgresql/spicy-events.zeek
        • Summary
        • Detailed Interface
      • base/protocols/postgresql/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/quic/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/quic/spicy-events.zeek
        • Summary
        • Detailed Interface
      • base/protocols/quic/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/quic/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/radius/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/radius/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/radius/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/rdp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/rdp/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/rdp/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/rfb/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/rfb/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/sip/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/sip/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/snmp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/snmp/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smb/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smb/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smb/const-dos-error.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smb/const-nt-status.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smb/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smb/smb1-main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smb/smb2-main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smb/files.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smtp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smtp/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smtp/entities.zeek
        • Summary
        • Detailed Interface
      • base/protocols/smtp/files.zeek
        • Summary
        • Detailed Interface
      • base/protocols/socks/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/socks/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/socks/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ssh/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/ssh/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/syslog/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/syslog/spicy-events.zeek
        • Summary
        • Detailed Interface
      • base/protocols/syslog/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/syslog/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/websocket/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/websocket/consts.zeek
        • Summary
        • Detailed Interface
      • base/protocols/websocket/main.zeek
        • Summary
        • Detailed Interface
      • base/protocols/tunnels/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/xmpp/__load__.zeek
        • Summary
        • Detailed Interface
      • base/protocols/xmpp/main.zeek
        • Summary
        • Detailed Interface
      • base/files/pe/__load__.zeek
        • Summary
        • Detailed Interface
      • base/files/pe/consts.zeek
        • Summary
        • Detailed Interface
      • base/files/pe/main.zeek
        • Summary
        • Detailed Interface
      • base/files/extract/__load__.zeek
        • Summary
        • Detailed Interface
      • base/files/extract/main.zeek
        • Summary
        • Detailed Interface
      • base/misc/find-checksum-offloading.zeek
        • Summary
        • Detailed Interface
      • base/misc/find-filtered-trace.zeek
        • Summary
        • Detailed Interface
      • base/misc/installation.zeek
        • Summary
        • Detailed Interface
      • builtin-plugins/__load__.zeek
        • Summary
        • Detailed Interface
      • builtin-plugins/Zeek_AF_Packet/__load__.zeek
        • Summary
        • Detailed Interface
      • builtin-plugins/Zeek_AF_Packet/init.zeek
        • Summary
        • Detailed Interface
      • builtin-plugins/Zeek_JavaScript/__load__.zeek
        • Summary
        • Detailed Interface
      • zeekygen/__load__.zeek
        • Summary
        • Detailed Interface
      • test-all-policy.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/cluster/backend/zeromq/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/cluster/backend/zeromq/main.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/cluster/experimental.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/agent/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/agent/api.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/types.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/agent/boot.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/agent/config.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/config.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/log.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/persistence.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/request.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/util.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/controller/config.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/controller/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/controller/api.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/controller/boot.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/node/api.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/node/config.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/supervisor/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/supervisor/main.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/supervisor/api.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/supervisor/config.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/dpd/detect-protocols.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/dpd/packet-segment-logging.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/do_notice.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/do_expire.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/whitelist.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/removal.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/conn-established.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/where-locations.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/dns.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/file-hashes.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/file-names.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/http-headers.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/http-url.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/pubkey-hashes.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/ssl.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/smb-filenames.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/smtp.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/smtp-url-extraction.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/intel/seen/x509.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/netcontrol/catch-and-release.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/files/detect-MHR.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/files/hash-all-files.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/files/entropy-test-all-files.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/notice/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/notice/extend-email/hostnames.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/notice/actions/drop.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/notice/community-id.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/conn/community-id-logging.zeek
        • Summary
        • Detailed Interface
      • policy/files/x509/disable-certificate-events-known-certs.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/packet-filter/shunt.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/software/version-changes.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/software/vulnerable.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/software/windows-version-detection.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/storage/backend/redis/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/storage/backend/redis/main.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/storage/backend/sqlite/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/storage/backend/sqlite/main.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/telemetry/log.zeek
        • Summary
        • Detailed Interface
      • policy/integration/collective-intel/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/integration/collective-intel/main.zeek
        • Summary
        • Detailed Interface
      • policy/misc/capture-loss.zeek
        • Summary
        • Detailed Interface
      • policy/misc/detect-traceroute/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/misc/detect-traceroute/main.zeek
        • Summary
        • Detailed Interface
      • policy/misc/loaded-scripts.zeek
        • Summary
        • Detailed Interface
      • policy/misc/profiling.zeek
        • Summary
        • Detailed Interface
      • policy/misc/stats.zeek
        • Summary
        • Detailed Interface
      • policy/misc/weird-stats.zeek
        • Summary
        • Detailed Interface
      • policy/misc/trim-trace-file.zeek
        • Summary
        • Detailed Interface
      • policy/misc/unknown-protocols.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/conn/disable-unknown-ip-proto-support.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/conn/failed-service-logging.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/conn/ip-proto-name-logging.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/conn/known-hosts.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/conn/known-services.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/conn/mac-logging.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/conn/vlan-logging.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/conn/weirds.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/dhcp/msg-orig.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/dhcp/software.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/dhcp/sub-opts.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/dns/auth-addl.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/dns/detect-external-names.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/dns/log-original-query-case.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ftp/detect-bruteforcing.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ftp/detect.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ftp/software.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/http/detect-sqli.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/http/detect-webapps.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/http/header-names.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/http/software-browser-plugins.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/http/software.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/http/var-extraction-cookies.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/http/var-extraction-uri.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/krb/ticket-logging.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/modbus/known-masters-slaves.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/modbus/track-memmap.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/mysql/software.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/rdp/indicate_ssl.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/smb/log-cmds.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/smtp/blocklists.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/smtp/detect-suspicious-orig.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/smtp/entities-excerpt.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/smtp/software.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssh/detect-bruteforcing.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssh/geo-data.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssh/interesting-hostnames.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssh/software.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/certificate-request-info.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/decryption.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/expiring-certs.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/heartbleed.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/known-certs.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/log-certs-base64.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/ssl-log-ext.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/log-hostcerts-only.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/validate-certs.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/validate-ocsp.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/validate-sct.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/ssl/weak-keys.zeek
        • Summary
        • Detailed Interface
      • policy/tuning/json-logs.zeek
        • Summary
        • Detailed Interface
      • policy/tuning/track-all-assets.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/cluster/backend/zeromq/connect.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/cluster/nodes-experimental/manager.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/control/controllee.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/control/controller.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/agent/main.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/controller/main.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/node/__load__.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/management/node/main.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/files/extract-all-files.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/signatures/iso-9660.zeek
        • Summary
        • Detailed Interface
      • policy/misc/dump-events.zeek
        • Summary
        • Detailed Interface
      • policy/protocols/conn/speculative-service.zeek
        • Summary
        • Detailed Interface
      • policy/frameworks/spicy/resource-usage.zeek
        • Summary
        • Detailed Interface
      • zeekygen/example.zeek
        • Summary
        • Detailed Interface
    • Zeekygen Example Script
      • Summary
        • Redefinable Options
        • State Variables
        • Types
        • Redefinitions
        • Events
        • Functions
      • Detailed Interface
        • Redefinable Options
        • State Variables
        • Types
        • Events
        • Functions
  • Developer Guides
    • Writing Plugins
      • Quick Start
      • Plugin Directory Layout
      • init-plugin
      • Activating a Plugin
      • Plugin Components
      • Testing Plugins
      • Debugging Plugins
      • Building Plugins Statically
    • Writing Analyzers with Spicy
      • Installation
      • Getting Started
      • Tutorial
        • Compiling the Analyzer
        • Activating the Analyzer
        • Defining Events
        • Detour: Zeek vs. TFTP
        • Zeek Script
        • Creating a Zeek Package
      • Reference
        • Interface Definitions (“evt files”)
        • Compiling Analyzers
        • Controlling Zeek from Spicy
        • Accessing Zeek Variables from Spicy
        • Dynamic Protocol Detection (DPD)
        • Configuration
        • Debugging
      • FAQ
      • Terminology
    • Documentation Guide
      • Markup Format, Style, and Conventions
      • Source-Tree Organization
      • Generating Zeekygen Reference Docs
      • Local Previewing (How To Build)
      • Hosting
    • Contributor’s Guide
      • General Contribution Process
      • Coding Style and Conventions
      • General Documentation Structure/Process
      • Documentation Style and Conventions
      • Checking for Memory Errors and Leaks
      • Maintaining long-lived forks of Zeek
    • Maintainer’s Guide
      • Release Process
    • ZeroMQ Cluster Backend
      • Quickstart
      • Architecture
        • Publish-Subscribe of Zeek Events
        • Logging
        • Summary
  • Subcomponents
  • Acknowledgements
Index
Zeek
  • Script Reference
  • Zeek Script Index
  • base/protocols/ftp/__load__.zeek
  • View page source

base/protocols/ftp/__load__.zeek

Imports:

base/protocols/ftp/files.zeek, base/protocols/ftp/gridftp.zeek, base/protocols/ftp/info.zeek, base/protocols/ftp/main.zeek, base/protocols/ftp/utils-commands.zeek, base/protocols/ftp/utils.zeek

Summary

Detailed Interface

Previous Next

© Copyright by the Zeek Project. Last updated on May 09, 2025.

Built with Sphinx using a theme provided by Read the Docs.