policy/integration/barnyard2/main.zeek

Barnyard2

This script lets Barnyard2 integrate with Zeek. It receives alerts from Barnyard2 and logs them. In the future it will do more correlation and derive new notices from the alerts.

Namespace

Barnyard2

Imports

policy/integration/barnyard2/types.zeek

Summary

Types

Barnyard2::Info: record

Redefinitions

Log::ID: enum

Barnyard2::LOG

Hooks

Barnyard2::log_policy: Log::PolicyHook

Functions

Barnyard2::pid2cid: function

This can convert a Barnyard Barnyard2::PacketID value to a conn_id value in the case that you might need to index into an existing data structure elsewhere within Zeek.

Detailed Interface

Types

Barnyard2::Info

Type

record

ts: time &log

Timestamp of the alert.

pid: Barnyard2::PacketID &log

Associated packet ID.

alert: Barnyard2::AlertData &log

Associated alert data.

Hooks

Barnyard2::log_policy

Type

Log::PolicyHook

Functions

Barnyard2::pid2cid

Type

function (p: Barnyard2::PacketID) : conn_id

This can convert a Barnyard Barnyard2::PacketID value to a conn_id value in the case that you might need to index into an existing data structure elsewhere within Zeek.