Zeek
latest (git/master)
Introduction
Cluster Architecture
Installation
Quick Start Guide
Cluster Configuration
Examples and Use Cases
Frameworks
Script Reference
Operators
Types
Attributes
Declarations and Statements
Directives
Log Files
Notices
Protocol Analyzers
File Analyzers
Bro Package Index
Bro Script Index
base/init-bare.bro
base/bif/const.bif.bro
base/bif/types.bif.bro
base/bif/bro.bif.bro
base/bif/stats.bif.bro
base/bif/reporter.bif.bro
base/bif/strings.bif.bro
base/bif/option.bif.bro
base/bif/plugins/Bro_SNMP.types.bif.bro
base/bif/plugins/Bro_KRB.types.bif.bro
base/bif/event.bif.bro
base/init-frameworks-and-bifs.bro
base/frameworks/logging/__load__.bro
base/frameworks/logging/main.bro
base/bif/logging.bif.bro
base/frameworks/logging/postprocessors/__load__.bro
base/frameworks/logging/postprocessors/scp.bro
base/frameworks/logging/postprocessors/sftp.bro
base/frameworks/logging/writers/ascii.bro
base/frameworks/logging/writers/sqlite.bro
base/frameworks/logging/writers/none.bro
base/frameworks/broker/__load__.bro
base/frameworks/broker/main.bro
base/bif/comm.bif.bro
base/bif/messaging.bif.bro
base/frameworks/broker/store.bro
base/bif/data.bif.bro
base/bif/store.bif.bro
base/frameworks/broker/log.bro
base/frameworks/input/__load__.bro
base/frameworks/input/main.bro
base/bif/input.bif.bro
base/frameworks/input/readers/ascii.bro
base/frameworks/input/readers/raw.bro
base/frameworks/input/readers/benchmark.bro
base/frameworks/input/readers/binary.bro
base/frameworks/input/readers/config.bro
base/frameworks/input/readers/sqlite.bro
base/frameworks/analyzer/__load__.bro
base/frameworks/analyzer/main.bro
base/frameworks/packet-filter/utils.bro
base/bif/analyzer.bif.bro
base/frameworks/files/__load__.bro
base/frameworks/files/main.bro
base/bif/file_analysis.bif.bro
base/utils/site.bro
base/utils/patterns.bro
base/frameworks/files/magic/__load__.bro
base/bif/__load__.bro
base/bif/broxygen.bif.bro
base/bif/pcap.bif.bro
base/bif/bloom-filter.bif.bro
base/bif/cardinality-counter.bif.bro
base/bif/top-k.bif.bro
base/bif/plugins/__load__.bro
base/bif/plugins/Bro_ARP.events.bif.bro
base/bif/plugins/Bro_BackDoor.events.bif.bro
base/bif/plugins/Bro_BitTorrent.events.bif.bro
base/bif/plugins/Bro_ConnSize.events.bif.bro
base/bif/plugins/Bro_ConnSize.functions.bif.bro
base/bif/plugins/Bro_DCE_RPC.consts.bif.bro
base/bif/plugins/Bro_DCE_RPC.types.bif.bro
base/bif/plugins/Bro_DCE_RPC.events.bif.bro
base/bif/plugins/Bro_DHCP.events.bif.bro
base/bif/plugins/Bro_DHCP.types.bif.bro
base/bif/plugins/Bro_DNP3.events.bif.bro
base/bif/plugins/Bro_DNS.events.bif.bro
base/bif/plugins/Bro_File.events.bif.bro
base/bif/plugins/Bro_Finger.events.bif.bro
base/bif/plugins/Bro_FTP.events.bif.bro
base/bif/plugins/Bro_FTP.functions.bif.bro
base/bif/plugins/Bro_Gnutella.events.bif.bro
base/bif/plugins/Bro_GSSAPI.events.bif.bro
base/bif/plugins/Bro_GTPv1.events.bif.bro
base/bif/plugins/Bro_HTTP.events.bif.bro
base/bif/plugins/Bro_HTTP.functions.bif.bro
base/bif/plugins/Bro_ICMP.events.bif.bro
base/bif/plugins/Bro_Ident.events.bif.bro
base/bif/plugins/Bro_IMAP.events.bif.bro
base/bif/plugins/Bro_InterConn.events.bif.bro
base/bif/plugins/Bro_IRC.events.bif.bro
base/bif/plugins/Bro_KRB.events.bif.bro
base/bif/plugins/Bro_Login.events.bif.bro
base/bif/plugins/Bro_Login.functions.bif.bro
base/bif/plugins/Bro_MIME.events.bif.bro
base/bif/plugins/Bro_Modbus.events.bif.bro
base/bif/plugins/Bro_MySQL.events.bif.bro
base/bif/plugins/Bro_NCP.events.bif.bro
base/bif/plugins/Bro_NCP.consts.bif.bro
base/bif/plugins/Bro_NetBIOS.events.bif.bro
base/bif/plugins/Bro_NetBIOS.functions.bif.bro
base/bif/plugins/Bro_NTLM.types.bif.bro
base/bif/plugins/Bro_NTLM.events.bif.bro
base/bif/plugins/Bro_NTP.events.bif.bro
base/bif/plugins/Bro_POP3.events.bif.bro
base/bif/plugins/Bro_RADIUS.events.bif.bro
base/bif/plugins/Bro_RDP.events.bif.bro
base/bif/plugins/Bro_RDP.types.bif.bro
base/bif/plugins/Bro_RFB.events.bif.bro
base/bif/plugins/Bro_RPC.events.bif.bro
base/bif/plugins/Bro_SIP.events.bif.bro
base/bif/plugins/Bro_SNMP.events.bif.bro
base/bif/plugins/Bro_SMB.smb1_com_check_directory.bif.bro
base/bif/plugins/Bro_SMB.smb1_com_close.bif.bro
base/bif/plugins/Bro_SMB.smb1_com_create_directory.bif.bro
base/bif/plugins/Bro_SMB.smb1_com_echo.bif.bro
base/bif/plugins/Bro_SMB.smb1_com_logoff_andx.bif.bro
base/bif/plugins/Bro_SMB.smb1_com_negotiate.bif.bro
base/bif/plugins/Bro_SMB.smb1_com_nt_create_andx.bif.bro
base/bif/plugins/Bro_SMB.smb1_com_nt_cancel.bif.bro
base/bif/plugins/Bro_SMB.smb1_com_query_information.bif.bro
base/bif/plugins/Bro_SMB.smb1_com_read_andx.bif.bro
base/bif/plugins/Bro_SMB.smb1_com_session_setup_andx.bif.bro
base/bif/plugins/Bro_SMB.smb1_com_transaction.bif.bro
base/bif/plugins/Bro_SMB.smb1_com_transaction_secondary.bif.bro
base/bif/plugins/Bro_SMB.smb1_com_transaction2.bif.bro
base/bif/plugins/Bro_SMB.smb1_com_transaction2_secondary.bif.bro
base/bif/plugins/Bro_SMB.smb1_com_tree_connect_andx.bif.bro
base/bif/plugins/Bro_SMB.smb1_com_tree_disconnect.bif.bro
base/bif/plugins/Bro_SMB.smb1_com_write_andx.bif.bro
base/bif/plugins/Bro_SMB.smb1_events.bif.bro
base/bif/plugins/Bro_SMB.smb2_com_close.bif.bro
base/bif/plugins/Bro_SMB.smb2_com_create.bif.bro
base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.bro
base/bif/plugins/Bro_SMB.smb2_com_read.bif.bro
base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.bro
base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.bro
base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.bro
base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.bro
base/bif/plugins/Bro_SMB.smb2_com_write.bif.bro
base/bif/plugins/Bro_SMB.smb2_events.bif.bro
base/bif/plugins/Bro_SMB.events.bif.bro
base/bif/plugins/Bro_SMB.consts.bif.bro
base/bif/plugins/Bro_SMB.types.bif.bro
base/bif/plugins/Bro_SMTP.events.bif.bro
base/bif/plugins/Bro_SMTP.functions.bif.bro
base/bif/plugins/Bro_SOCKS.events.bif.bro
base/bif/plugins/Bro_SSH.types.bif.bro
base/bif/plugins/Bro_SSH.events.bif.bro
base/bif/plugins/Bro_SSL.types.bif.bro
base/bif/plugins/Bro_SSL.events.bif.bro
base/bif/plugins/Bro_SSL.functions.bif.bro
base/bif/plugins/Bro_SteppingStone.events.bif.bro
base/bif/plugins/Bro_Syslog.events.bif.bro
base/bif/plugins/Bro_TCP.events.bif.bro
base/bif/plugins/Bro_TCP.functions.bif.bro
base/bif/plugins/Bro_Teredo.events.bif.bro
base/bif/plugins/Bro_UDP.events.bif.bro
base/bif/plugins/Bro_XMPP.events.bif.bro
base/bif/plugins/Bro_FileEntropy.events.bif.bro
base/bif/plugins/Bro_FileExtract.events.bif.bro
base/bif/plugins/Bro_FileExtract.functions.bif.bro
base/bif/plugins/Bro_FileHash.events.bif.bro
base/bif/plugins/Bro_PE.events.bif.bro
base/bif/plugins/Bro_Unified2.events.bif.bro
base/bif/plugins/Bro_Unified2.types.bif.bro
base/bif/plugins/Bro_X509.events.bif.bro
base/bif/plugins/Bro_X509.types.bif.bro
base/bif/plugins/Bro_X509.functions.bif.bro
base/bif/plugins/Bro_X509.ocsp_events.bif.bro
base/bif/plugins/Bro_AsciiReader.ascii.bif.bro
base/bif/plugins/Bro_BenchmarkReader.benchmark.bif.bro
base/bif/plugins/Bro_BinaryReader.binary.bif.bro
base/bif/plugins/Bro_ConfigReader.config.bif.bro
base/bif/plugins/Bro_RawReader.raw.bif.bro
base/bif/plugins/Bro_SQLiteReader.sqlite.bif.bro
base/bif/plugins/Bro_AsciiWriter.ascii.bif.bro
base/bif/plugins/Bro_NoneWriter.none.bif.bro
base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro
base/init-default.bro
base/utils/active-http.bro
base/utils/exec.bro
base/utils/addrs.bro
base/utils/conn-ids.bro
base/utils/dir.bro
base/frameworks/reporter/__load__.bro
base/frameworks/reporter/main.bro
base/utils/paths.bro
base/utils/directions-and-hosts.bro
base/utils/email.bro
base/utils/files.bro
base/utils/geoip-distance.bro
base/utils/hash_hrw.bro
base/utils/numbers.bro
base/utils/queue.bro
base/utils/strings.bro
base/utils/thresholds.bro
base/utils/time.bro
base/utils/urls.bro
base/frameworks/notice/__load__.bro
base/frameworks/notice/main.bro
base/frameworks/cluster/__load__.bro
base/frameworks/cluster/main.bro
base/frameworks/control/__load__.bro
base/frameworks/control/main.bro
base/frameworks/cluster/pools.bro
base/frameworks/notice/weird.bro
base/frameworks/notice/actions/drop.bro
base/frameworks/netcontrol/__load__.bro
base/frameworks/netcontrol/types.bro
base/frameworks/netcontrol/main.bro
base/frameworks/netcontrol/plugin.bro
base/frameworks/netcontrol/plugins/__load__.bro
base/frameworks/netcontrol/plugins/debug.bro
base/frameworks/netcontrol/plugins/openflow.bro
base/frameworks/openflow/__load__.bro
base/frameworks/openflow/consts.bro
base/frameworks/openflow/types.bro
base/frameworks/openflow/main.bro
base/frameworks/openflow/plugins/__load__.bro
base/frameworks/openflow/plugins/ryu.bro
base/utils/json.bro
base/frameworks/openflow/plugins/log.bro
base/frameworks/openflow/plugins/broker.bro
base/frameworks/openflow/non-cluster.bro
base/frameworks/netcontrol/plugins/packetfilter.bro
base/frameworks/netcontrol/plugins/broker.bro
base/frameworks/netcontrol/plugins/acld.bro
base/frameworks/netcontrol/drop.bro
base/frameworks/netcontrol/shunt.bro
base/frameworks/netcontrol/catch-and-release.bro
base/frameworks/netcontrol/non-cluster.bro
base/frameworks/notice/actions/email_admin.bro
base/frameworks/notice/actions/page.bro
base/frameworks/notice/actions/add-geodata.bro
base/frameworks/notice/actions/pp-alarms.bro
base/frameworks/dpd/__load__.bro
base/frameworks/dpd/main.bro
base/frameworks/signatures/__load__.bro
base/frameworks/signatures/main.bro
base/frameworks/packet-filter/__load__.bro
base/frameworks/packet-filter/main.bro
base/frameworks/packet-filter/netstats.bro
base/frameworks/software/__load__.bro
base/frameworks/software/main.bro
base/frameworks/intel/__load__.bro
base/frameworks/intel/main.bro
base/frameworks/intel/files.bro
base/frameworks/intel/input.bro
base/frameworks/config/__load__.bro
base/frameworks/config/main.bro
base/frameworks/config/input.bro
base/frameworks/config/weird.bro
base/frameworks/sumstats/__load__.bro
base/frameworks/sumstats/main.bro
base/frameworks/sumstats/plugins/__load__.bro
base/frameworks/sumstats/plugins/average.bro
base/frameworks/sumstats/plugins/hll_unique.bro
base/frameworks/sumstats/plugins/last.bro
base/frameworks/sumstats/plugins/max.bro
base/frameworks/sumstats/plugins/min.bro
base/frameworks/sumstats/plugins/sample.bro
base/frameworks/sumstats/plugins/std-dev.bro
base/frameworks/sumstats/plugins/variance.bro
base/frameworks/sumstats/plugins/sum.bro
base/frameworks/sumstats/plugins/topk.bro
base/frameworks/sumstats/plugins/unique.bro
base/frameworks/sumstats/non-cluster.bro
base/frameworks/tunnels/__load__.bro
base/frameworks/tunnels/main.bro
base/protocols/conn/__load__.bro
base/protocols/conn/main.bro
base/protocols/conn/contents.bro
base/protocols/conn/inactivity.bro
base/protocols/conn/polling.bro
base/protocols/conn/thresholds.bro
base/protocols/dce-rpc/__load__.bro
base/protocols/dce-rpc/consts.bro
base/protocols/dce-rpc/main.bro
base/protocols/dhcp/__load__.bro
base/protocols/dhcp/consts.bro
base/protocols/dhcp/main.bro
base/protocols/dnp3/__load__.bro
base/protocols/dnp3/main.bro
base/protocols/dnp3/consts.bro
base/protocols/dns/__load__.bro
base/protocols/dns/consts.bro
base/protocols/dns/main.bro
base/protocols/ftp/__load__.bro
base/protocols/ftp/utils-commands.bro
base/protocols/ftp/info.bro
base/protocols/ftp/main.bro
base/protocols/ftp/utils.bro
base/protocols/ftp/files.bro
base/protocols/ftp/gridftp.bro
base/protocols/ssl/__load__.bro
base/protocols/ssl/consts.bro
base/protocols/ssl/main.bro
base/protocols/ssl/mozilla-ca-list.bro
base/protocols/ssl/ct-list.bro
base/protocols/ssl/files.bro
base/files/x509/__load__.bro
base/files/x509/main.bro
base/files/hash/__load__.bro
base/files/hash/main.bro
base/protocols/http/__load__.bro
base/protocols/http/main.bro
base/protocols/http/entities.bro
base/protocols/http/utils.bro
base/protocols/http/files.bro
base/protocols/imap/__load__.bro
base/protocols/imap/main.bro
base/protocols/irc/__load__.bro
base/protocols/irc/main.bro
base/protocols/irc/dcc-send.bro
base/protocols/irc/files.bro
base/protocols/krb/__load__.bro
base/protocols/krb/main.bro
base/protocols/krb/consts.bro
base/protocols/krb/files.bro
base/protocols/modbus/__load__.bro
base/protocols/modbus/consts.bro
base/protocols/modbus/main.bro
base/protocols/mysql/__load__.bro
base/protocols/mysql/main.bro
base/protocols/mysql/consts.bro
base/protocols/ntlm/__load__.bro
base/protocols/ntlm/main.bro
base/protocols/pop3/__load__.bro
base/protocols/radius/__load__.bro
base/protocols/radius/main.bro
base/protocols/radius/consts.bro
base/protocols/rdp/__load__.bro
base/protocols/rdp/consts.bro
base/protocols/rdp/main.bro
base/protocols/rfb/__load__.bro
base/protocols/rfb/main.bro
base/protocols/sip/__load__.bro
base/protocols/sip/main.bro
base/protocols/snmp/__load__.bro
base/protocols/snmp/main.bro
base/protocols/smb/__load__.bro
base/protocols/smb/consts.bro
base/protocols/smb/const-dos-error.bro
base/protocols/smb/const-nt-status.bro
base/protocols/smb/main.bro
base/protocols/smb/smb1-main.bro
base/protocols/smb/smb2-main.bro
base/protocols/smb/files.bro
base/protocols/smtp/__load__.bro
base/protocols/smtp/main.bro
base/protocols/smtp/entities.bro
base/protocols/smtp/files.bro
base/protocols/socks/__load__.bro
base/protocols/socks/consts.bro
base/protocols/socks/main.bro
base/protocols/ssh/__load__.bro
base/protocols/ssh/main.bro
base/protocols/syslog/__load__.bro
base/protocols/syslog/consts.bro
base/protocols/syslog/main.bro
base/protocols/tunnels/__load__.bro
base/protocols/xmpp/__load__.bro
base/protocols/xmpp/main.bro
base/files/pe/__load__.bro
base/files/pe/consts.bro
base/files/pe/main.bro
base/files/extract/__load__.bro
base/files/extract/main.bro
base/files/unified2/__load__.bro
base/files/unified2/main.bro
base/misc/find-checksum-offloading.bro
base/misc/find-filtered-trace.bro
base/misc/version.bro
broxygen/__load__.bro
test-all-policy.bro
policy/frameworks/dpd/detect-protocols.bro
policy/frameworks/dpd/packet-segment-logging.bro
policy/frameworks/intel/do_notice.bro
policy/frameworks/intel/do_expire.bro
policy/frameworks/intel/whitelist.bro
policy/frameworks/intel/seen/__load__.bro
policy/frameworks/intel/seen/conn-established.bro
policy/frameworks/intel/seen/where-locations.bro
policy/frameworks/intel/seen/dns.bro
policy/frameworks/intel/seen/file-hashes.bro
policy/frameworks/intel/seen/file-names.bro
policy/frameworks/intel/seen/http-headers.bro
policy/frameworks/intel/seen/http-url.bro
policy/frameworks/intel/seen/pubkey-hashes.bro
policy/frameworks/intel/seen/ssl.bro
policy/frameworks/intel/seen/smtp.bro
policy/frameworks/intel/seen/smtp-url-extraction.bro
policy/frameworks/intel/seen/x509.bro
policy/frameworks/files/detect-MHR.bro
policy/frameworks/files/hash-all-files.bro
policy/frameworks/files/entropy-test-all-files.bro
policy/frameworks/notice/__load__.bro
policy/frameworks/notice/extend-email/hostnames.bro
policy/files/x509/log-ocsp.bro
policy/frameworks/packet-filter/shunt.bro
policy/frameworks/software/version-changes.bro
policy/frameworks/software/vulnerable.bro
policy/frameworks/software/windows-version-detection.bro
policy/integration/barnyard2/__load__.bro
policy/integration/barnyard2/types.bro
policy/integration/barnyard2/main.bro
policy/integration/collective-intel/__load__.bro
policy/integration/collective-intel/main.bro
policy/misc/capture-loss.bro
policy/misc/detect-traceroute/__load__.bro
policy/misc/detect-traceroute/main.bro
policy/misc/load-balancing.bro
policy/misc/loaded-scripts.bro
policy/misc/profiling.bro
policy/misc/scan.bro
policy/misc/stats.bro
policy/misc/weird-stats.bro
policy/misc/trim-trace-file.bro
policy/protocols/conn/known-hosts.bro
policy/protocols/conn/known-services.bro
policy/protocols/conn/mac-logging.bro
policy/protocols/conn/vlan-logging.bro
policy/protocols/conn/weirds.bro
policy/protocols/dhcp/msg-orig.bro
policy/protocols/dhcp/software.bro
policy/protocols/dhcp/sub-opts.bro
policy/protocols/dns/auth-addl.bro
policy/protocols/dns/detect-external-names.bro
policy/protocols/ftp/detect-bruteforcing.bro
policy/protocols/ftp/detect.bro
policy/protocols/ftp/software.bro
policy/protocols/http/detect-sqli.bro
policy/protocols/http/detect-webapps.bro
policy/protocols/http/header-names.bro
policy/protocols/http/software-browser-plugins.bro
policy/protocols/http/software.bro
policy/protocols/http/var-extraction-cookies.bro
policy/protocols/http/var-extraction-uri.bro
policy/protocols/krb/ticket-logging.bro
policy/protocols/modbus/known-masters-slaves.bro
policy/protocols/modbus/track-memmap.bro
policy/protocols/mysql/software.bro
policy/protocols/rdp/indicate_ssl.bro
policy/protocols/smb/log-cmds.bro
policy/protocols/smtp/blocklists.bro
policy/protocols/smtp/detect-suspicious-orig.bro
policy/protocols/smtp/entities-excerpt.bro
policy/protocols/smtp/software.bro
policy/protocols/ssh/detect-bruteforcing.bro
policy/protocols/ssh/geo-data.bro
policy/protocols/ssh/interesting-hostnames.bro
policy/protocols/ssh/software.bro
policy/protocols/ssl/expiring-certs.bro
policy/protocols/ssl/extract-certs-pem.bro
policy/protocols/ssl/heartbleed.bro
policy/protocols/ssl/known-certs.bro
policy/protocols/ssl/log-hostcerts-only.bro
policy/protocols/ssl/validate-certs.bro
policy/protocols/ssl/validate-ocsp.bro
policy/protocols/ssl/validate-sct.bro
policy/protocols/ssl/weak-keys.bro
policy/tuning/__load__.bro
policy/tuning/defaults/__load__.bro
policy/tuning/defaults/packet-fragments.bro
policy/tuning/defaults/warnings.bro
policy/tuning/defaults/extracted_file_limits.bro
policy/tuning/json-logs.bro
policy/tuning/track-all-assets.bro
policy/protocols/ssl/notary.bro
policy/frameworks/control/controllee.bro
policy/frameworks/control/controller.bro
policy/frameworks/files/extract-all-files.bro
policy/misc/dump-events.bro
policy/protocols/dhcp/deprecated_events.bro
policy/protocols/smb/__load__.bro
broxygen/example.bro
Broxygen Example Script
Writing Plugins
Subcomponents
Zeek
Docs
»
Script Reference
»
Bro Script Index
»
base/bif/plugins/Bro_DCE_RPC.consts.bif.bro
Edit on GitHub
base/bif/plugins/Bro_DCE_RPC.consts.bif.bro
¶
GLOBAL
¶
Namespace:
GLOBAL
Summary
¶
Detailed Interface
¶
Read the Docs
v: latest (git/master)
Versions
latest
stable
Downloads
On Read the Docs
Project Home
Builds
Free document hosting provided by
Read the Docs
.