base/utils/site.zeek¶
-
Site¶
Definitions describing a site - which networks and DNS zones are “local” and “neighbors”, and servers running particular services.
- Namespace
Site
- Imports
Summary¶
Runtime Options¶
If local network administrators are known and they have responsibility for defined address space, then a mapping can be defined here between networks for which they have responsibility and a set of email addresses. |
|
Networks that are considered “local”. |
|
DNS zones that are considered “local”. |
|
Networks that are considered “neighbors”. |
|
DNS zones that are considered “neighbors”. |
|
Address space that is considered private and unrouted. |
State Variables¶
This is used for retrieving the subnet when using multiple entries in
|
Functions¶
Function that returns a comma-separated list of email addresses that are considered administrators for the IP address provided as an argument. |
|
Function that returns true if an address corresponds to one of the local networks, false if not. |
|
Function that returns true if a host name is within a local DNS zone. |
|
Function that returns true if an address corresponds to one of the neighbor networks, false if not. |
|
Function that returns true if a host name is within a neighbor DNS zone. |
|
Function that returns true if an address corresponds to one of the private/unrouted networks, false if not. |
Detailed Interface¶
Runtime Options¶
- Site::local_admins¶
-
If local network administrators are known and they have responsibility for defined address space, then a mapping can be defined here between networks for which they have responsibility and a set of email addresses.
- Site::local_nets¶
-
Networks that are considered “local”. Note that ZeekControl sets this automatically.
- Site::local_zones¶
-
DNS zones that are considered “local”.
- Site::neighbor_nets¶
-
Networks that are considered “neighbors”.
- Site::neighbor_zones¶
-
DNS zones that are considered “neighbors”.
- Site::private_address_space¶
- Type
- Attributes
- Default
{ ::1/128, fe80::/10, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 127.0.0.0/8, 100.64.0.0/10 }
Address space that is considered private and unrouted. By default it has RFC defined non-routable IPv4 address space.
State Variables¶
- Site::local_nets_table¶
-
This is used for retrieving the subnet when using multiple entries in
Site::local_nets. It’s populated automatically from there. A membership query can be done with anaddrand the table will yield the subnet it was found within.
Functions¶
- Site::get_emails¶
-
Function that returns a comma-separated list of email addresses that are considered administrators for the IP address provided as an argument. The function inspects
Site::local_admins.
- Site::is_local_addr¶
-
Function that returns true if an address corresponds to one of the local networks, false if not. The function inspects
Site::local_nets.
- Site::is_local_name¶
-
Function that returns true if a host name is within a local DNS zone. The function inspects
Site::local_zones.
- Site::is_neighbor_addr¶
-
Function that returns true if an address corresponds to one of the neighbor networks, false if not. The function inspects
Site::neighbor_nets.
- Site::is_neighbor_name¶
-
Function that returns true if a host name is within a neighbor DNS zone. The function inspects
Site::neighbor_zones.
- Site::is_private_addr¶
-
Function that returns true if an address corresponds to one of the private/unrouted networks, false if not. The function inspects
Site::private_address_space.