file_analysis.bif.zeek¶

Files¶

GLOBAL¶

Internal functions and types used by the file analysis framework.

Namespaces: Files, GLOBAL

Summary¶

Functions¶

`Files::__add_analyzer`: `function`	`Files::add_analyzer`.
`Files::__analyzer_enabled`: `function`	`Files::analyzer_enabled`.
`Files::__analyzer_name`: `function`	`Files::analyzer_name`.
`Files::__disable_analyzer`: `function`	`Files::disable_analyzer`.
`Files::__disable_reassembly`: `function`	`Files::disable_reassembly`.
`Files::__enable_analyzer`: `function`	`Files::enable_analyzer`.
`Files::__enable_reassembly`: `function`	`Files::enable_reassembly`.
`Files::__file_exists`: `function`	`Files::file_exists`.
`Files::__lookup_file`: `function`	`Files::lookup_file`.
`Files::__remove_analyzer`: `function`	`Files::remove_analyzer`.
`Files::__set_reassembly_buffer`: `function`	`Files::set_reassembly_buffer_size`.
`Files::__set_timeout_interval`: `function`	`Files::set_timeout_interval`.
`Files::__stop`: `function`	`Files::stop`.
`set_file_handle`: `function`	For use within a `get_file_handle` handler to set a unique identifier to associate with the current input to the file analysis framework.

Detailed Interface¶

Functions¶

Files::__add_analyzer¶

Type: function (file_id: string, tag: Files::Tag, args: any) : bool

Files::add_analyzer.

Files::__analyzer_enabled¶

Type: function (tag: Files::Tag) : bool

Files::analyzer_enabled.

Files::__analyzer_name¶

Type: function (tag: Files::Tag) : string

Files::analyzer_name.

Files::__disable_analyzer¶

Type: function (tag: Files::Tag) : bool

Files::disable_analyzer.

Files::__disable_reassembly¶

Type: function (file_id: string) : bool

Files::disable_reassembly.

Files::__enable_analyzer¶

Type: function (tag: Files::Tag) : bool

Files::enable_analyzer.

Files::__enable_reassembly¶

Type: function (file_id: string) : bool

Files::enable_reassembly.

Files::__file_exists¶

Type: function (fuid: string) : bool

Files::file_exists.

Files::__lookup_file¶

Type: function (fuid: string) : fa_file

Files::lookup_file.

Files::__remove_analyzer¶

Type: function (file_id: string, tag: Files::Tag, args: any) : bool

Files::remove_analyzer.

Files::__set_reassembly_buffer¶

Type: function (file_id: string, max: count) : bool

Files::set_reassembly_buffer_size.

Files::__set_timeout_interval¶

Type: function (file_id: string, t: interval) : bool

Files::set_timeout_interval.

Files::__stop¶

Type: function (file_id: string) : bool

Files::stop.

set_file_handle¶

Type: function (handle: string) : any

For use within a get_file_handle handler to set a unique identifier to associate with the current input to the file analysis framework. Using an empty string for the handle signifies that the input will be ignored/discarded.

Handle: A string that uniquely identifies a file.