policy/integration/barnyard2/types.zeek

Barnyard2

This file is separate from the base script so that dependencies can be loaded in the correct order.

Namespace: Barnyard2

Summary

Events

Barnyard2::barnyard_alert: event

This is the event that Barnyard2 instances will send if they’re configured with the bro_alert output plugin.

Detailed Interface

Types

Barnyard2::AlertData
Type: record

sensor_id: count &log

Sensor that originated this event.

ts: time &log

Timestamp attached to the alert.

signature_id: count &log

Signature ID for this generator.

generator_id: count &log

Which generator generated the alert?

signature_revision: count &log

Signature revision for this ID.

classification_id: count &log

Event classification.

classification: string &log

Descriptive classification string.

priority_id: count &log

Event priority.

event_id: count &log

Event ID.

Attributes: &log

Barnyard2::PacketID
Type: record

src_ip: addr &log

src_p: port &log

dst_ip: addr &log

dst_p: port &log

Attributes: &log

Events

Barnyard2::barnyard_alert
Type: event (id: Barnyard2::PacketID, alert: Barnyard2::AlertData, msg: string, data: string)

This is the event that Barnyard2 instances will send if they’re configured with the bro_alert output plugin.
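
An added example, not code from the Zeek distribution: a handler for Barnyard2::barnyard_alert that turns high-priority alerts into notices and attaches the matching Zeek connection when one is still tracked. The module name Barnyard2Example, the notice type High_Priority_Alert and the max_priority_id threshold are assumptions made for illustration, as is the Snort convention that priority 1 is the most severe.

```zeek
@load base/frameworks/notice
@load policy/integration/barnyard2/types

module Barnyard2Example;  # hypothetical module name

export {
	redef enum Notice::Type += {
		## Hypothetical notice type for alerts at or above the threshold.
		High_Priority_Alert,
	};

	## Assumption: Snort-style priorities, where 1 is the most severe.
	const max_priority_id: count = 1 &redef;
}

event Barnyard2::barnyard_alert(id: Barnyard2::PacketID, alert: Barnyard2::AlertData, msg: string, data: string)
	{
	if ( alert$priority_id > max_priority_id )
		return;

	# generator:signature:revision identifies the rule that fired.
	local sig = fmt("%d:%d:%d", alert$generator_id, alert$signature_id, alert$signature_revision);

	# msg comes from a remote sensor; data (raw packet bytes) is left out of the notice.
	local n = Notice::Info($note=High_Priority_Alert,
	                       $msg=fmt("sensor %d alert %s (%s): %s", alert$sensor_id, sig, alert$classification, msg),
	                       $sub=sig, $src=id$src_ip, $dst=id$dst_ip, $p=id$dst_p,
	                       $identifier=fmt("%d-%d", alert$sensor_id, alert$event_id));

	# PacketID describes one packet; Zeek keys connections by originator, so the
	# alerting packet may have travelled responder-to-originator. Try both orientations.
	local fwd = conn_id($orig_h=id$src_ip, $orig_p=id$src_p, $resp_h=id$dst_ip, $resp_p=id$dst_p);
	local rev = conn_id($orig_h=id$dst_ip, $orig_p=id$dst_p, $resp_h=id$src_ip, $resp_p=id$src_p);

	if ( connection_exists(fwd) )
		n$conn = lookup_connection(fwd);
	else if ( connection_exists(rev) )
		n$conn = lookup_connection(rev);

	NOTICE(n);
	}
```

When a connection is attached, the notice carries its uid, which lets an analyst pivot from the sensor alert to the corresponding conn.log entry.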