policy/integration/barnyard2/main.zeek¶
-
Barnyard2¶
This script lets Barnyard2 integrate with Zeek. It receives alerts from Barnyard2 and logs them. In the future it will do more correlation and derive new notices from the alerts.
| Namespace: | Barnyard2 |
|---|---|
| Imports: | policy/integration/barnyard2/types.zeek |
Summary¶
Types¶
Barnyard2::Info: record |
Functions¶
Barnyard2::pid2cid: function |
This can convert a Barnyard Barnyard2::PacketID value to
a conn_id value in the case that you might need to index
into an existing data structure elsewhere within Zeek. |
Detailed Interface¶
Types¶
-
Barnyard2::Info¶ Type: - ts:
time&log Timestamp of the alert.
- pid:
Barnyard2::PacketID&log Associated packet ID.
- alert:
Barnyard2::AlertData&log Associated alert data.
- ts:
Functions¶
-
Barnyard2::pid2cid¶ Type: function(p:Barnyard2::PacketID) :conn_idThis can convert a Barnyard
Barnyard2::PacketIDvalue to aconn_idvalue in the case that you might need to index into an existing data structure elsewhere within Zeek.