base/frameworks/intel/files.zeek

Intel

File analysis framework integration for the intelligence framework. This script manages file information in intelligence framework data structures.

Namespace

Intel

Imports

base/frameworks/intel/main.zeek

Summary

Redefinitions

Intel::Info: record	Record used for the logging framework representing a positive hit within the intelligence framework. New Fields Intel::Info fuid: string &log &optional If a file was associated with this intelligence hit, this is the uid for the file. file_mime_type: string &log &optional A mime type if the intelligence hit is related to a file. file_desc: string &log &optional Frequently files can be “described” to give a bit more context.
Intel::Seen: record	Information about a piece of “seen” data. New Fields Intel::Seen f: fa_file &optional If the data was discovered within a file, the file record should go here to provide context to the data. fuid: string &optional If the data was discovered within a file, the file uid should go here to provide context to the data.
Intel::Type: enum	Enum type to represent various types of intelligence data. Intel::FILE_HASH: File hash which is non-hash type specific. Intel::FILE_NAME: File name.

Detailed Interface