Package: base/bif¶
Declaration of various scripting-layer constants that the Zeek core uses internally. Documentation and default values for the scripting-layer variables themselves are found in base/init-bare.zeek.
Declaration of various types that the Zeek core uses internally.
A collection of built-in functions that implement a variety of things such as general programming algorithms, string processing, math functions, introspection, type conversion, file/directory manipulation, packet filtering, interprocess communication and controlling protocol analyzer behavior.
You’ll find most of Zeek’s built-in functions that aren’t protocol-specific in this file.
The reporter built-in functions allow for the scripting layer to generate messages of varying severity. If no event handlers exist for reporter messages, the messages are output to stderr. If event handlers do exist, it’s assumed they take care of determining how/where to output the messages.
See base/frameworks/reporter/main.zeek for a convenient reporter message logging framework.
Definitions of built-in functions related to string processing and manipulation.
Definitions of built-in functions that allow the scripting layer to change the value of options and to be notified when option values change.
The BIFs that define the Zeek supervisor control interface.
base/bif/packet_analysis.bif.zeek
Definitions of built-in functions related to loading compiled-to-C++ scripts.
base/bif/plugins/Zeek_SNMP.types.bif.zeek
base/bif/plugins/Zeek_KRB.types.bif.zeek
The protocol-independent events that the C/C++ core of Zeek can generate.
This is mostly events not related to a specific transport- or application-layer protocol, but also includes a few that may be generated by more than one protocols analyzer (like events generated by both UDP and TCP analysis.)
Internal functions and types used by the analyzer framework.
base/bif/plugins/Zeek_Teredo.functions.bif.zeek
base/bif/plugins/Zeek_GTPv1.functions.bif.zeek
Internal functions and types used by the logging framework.
Functions and events regarding broker communication mechanisms.
Functions for peering and various messaging patterns.
Functions for inspecting and manipulating broker data.
Functions to interface with broker’s distributed data store.
Internal functions and types used by the input framework.
base/bif/file_analysis.bif.zeek
Internal functions and types used by the file analysis framework.
Functions for accessing counter metrics from script land.
Functions for querying script, package, or variable documentation.
base/bif/bloom-filter.bif.zeek
Functions to create and manipulate Bloom filters.
base/bif/cardinality-counter.bif.zeek
Functions to create and manipulate probabilistic cardinality counters.
Functions to probabilistically determine top-k elements.
base/bif/plugins/__load__.zeek
base/bif/plugins/Zeek_BitTorrent.events.bif.zeek
base/bif/plugins/Zeek_ConnSize.events.bif.zeek
base/bif/plugins/Zeek_ConnSize.functions.bif.zeek
base/bif/plugins/Zeek_DCE_RPC.consts.bif.zeek
base/bif/plugins/Zeek_DCE_RPC.types.bif.zeek
base/bif/plugins/Zeek_DCE_RPC.events.bif.zeek
base/bif/plugins/Zeek_DHCP.events.bif.zeek
base/bif/plugins/Zeek_DHCP.types.bif.zeek
base/bif/plugins/Zeek_DNP3.events.bif.zeek
base/bif/plugins/Zeek_DNS.events.bif.zeek
base/bif/plugins/Zeek_File.events.bif.zeek
base/bif/plugins/Zeek_Finger.events.bif.zeek
base/bif/plugins/Zeek_FTP.events.bif.zeek
base/bif/plugins/Zeek_FTP.functions.bif.zeek
base/bif/plugins/Zeek_Gnutella.events.bif.zeek
base/bif/plugins/Zeek_GSSAPI.events.bif.zeek
base/bif/plugins/Zeek_HTTP.events.bif.zeek
base/bif/plugins/Zeek_HTTP.functions.bif.zeek
base/bif/plugins/Zeek_Ident.events.bif.zeek
base/bif/plugins/Zeek_IMAP.events.bif.zeek
base/bif/plugins/Zeek_IRC.events.bif.zeek
base/bif/plugins/Zeek_KRB.events.bif.zeek
base/bif/plugins/Zeek_Login.events.bif.zeek
base/bif/plugins/Zeek_Login.functions.bif.zeek
base/bif/plugins/Zeek_MIME.events.bif.zeek
base/bif/plugins/Zeek_Modbus.events.bif.zeek
base/bif/plugins/Zeek_MQTT.types.bif.zeek
base/bif/plugins/Zeek_MQTT.events.bif.zeek
base/bif/plugins/Zeek_MySQL.events.bif.zeek
base/bif/plugins/Zeek_NCP.events.bif.zeek
base/bif/plugins/Zeek_NCP.consts.bif.zeek
base/bif/plugins/Zeek_NetBIOS.events.bif.zeek
base/bif/plugins/Zeek_NetBIOS.functions.bif.zeek
base/bif/plugins/Zeek_NTLM.types.bif.zeek
base/bif/plugins/Zeek_NTLM.events.bif.zeek
base/bif/plugins/Zeek_NTP.types.bif.zeek
base/bif/plugins/Zeek_NTP.events.bif.zeek
base/bif/plugins/Zeek_POP3.events.bif.zeek
base/bif/plugins/Zeek_RADIUS.events.bif.zeek
base/bif/plugins/Zeek_RDP.events.bif.zeek
base/bif/plugins/Zeek_RDP.types.bif.zeek
base/bif/plugins/Zeek_RFB.events.bif.zeek
base/bif/plugins/Zeek_RPC.events.bif.zeek
base/bif/plugins/Zeek_SIP.events.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_com_check_directory.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_com_close.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_com_create_directory.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_com_echo.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_com_logoff_andx.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_com_negotiate.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_com_nt_cancel.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_com_query_information.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_com_read_andx.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_com_transaction.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_com_transaction2.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_com_write_andx.bif.zeek
base/bif/plugins/Zeek_SMB.smb1_events.bif.zeek
base/bif/plugins/Zeek_SMB.smb2_com_close.bif.zeek
base/bif/plugins/Zeek_SMB.smb2_com_create.bif.zeek
base/bif/plugins/Zeek_SMB.smb2_com_negotiate.bif.zeek
base/bif/plugins/Zeek_SMB.smb2_com_read.bif.zeek
base/bif/plugins/Zeek_SMB.smb2_com_session_setup.bif.zeek
base/bif/plugins/Zeek_SMB.smb2_com_set_info.bif.zeek
base/bif/plugins/Zeek_SMB.smb2_com_tree_connect.bif.zeek
base/bif/plugins/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek
base/bif/plugins/Zeek_SMB.smb2_com_write.bif.zeek
base/bif/plugins/Zeek_SMB.smb2_com_transform_header.bif.zeek
base/bif/plugins/Zeek_SMB.smb2_events.bif.zeek
base/bif/plugins/Zeek_SMB.events.bif.zeek
base/bif/plugins/Zeek_SMB.consts.bif.zeek
base/bif/plugins/Zeek_SMB.types.bif.zeek
base/bif/plugins/Zeek_SMTP.events.bif.zeek
base/bif/plugins/Zeek_SMTP.functions.bif.zeek
base/bif/plugins/Zeek_SNMP.events.bif.zeek
base/bif/plugins/Zeek_SOCKS.events.bif.zeek
base/bif/plugins/Zeek_SSH.types.bif.zeek
base/bif/plugins/Zeek_SSH.events.bif.zeek
base/bif/plugins/Zeek_SSL.types.bif.zeek
base/bif/plugins/Zeek_SSL.events.bif.zeek
base/bif/plugins/Zeek_SSL.functions.bif.zeek
base/bif/plugins/Zeek_SSL.consts.bif.zeek
base/bif/plugins/Zeek_Syslog.events.bif.zeek
base/bif/plugins/Zeek_TCP.events.bif.zeek
base/bif/plugins/Zeek_TCP.types.bif.zeek
base/bif/plugins/Zeek_TCP.functions.bif.zeek
base/bif/plugins/Zeek_XMPP.events.bif.zeek
base/bif/plugins/Zeek_ARP.events.bif.zeek
base/bif/plugins/Zeek_UDP.events.bif.zeek
base/bif/plugins/Zeek_ICMP.events.bif.zeek
base/bif/plugins/Zeek_Geneve.events.bif.zeek
base/bif/plugins/Zeek_VXLAN.events.bif.zeek
base/bif/plugins/Zeek_Teredo.events.bif.zeek
base/bif/plugins/Zeek_GTPv1.events.bif.zeek
base/bif/plugins/Zeek_FileEntropy.events.bif.zeek
base/bif/plugins/Zeek_FileExtract.events.bif.zeek
base/bif/plugins/Zeek_FileExtract.functions.bif.zeek
Internal functions used by the extraction file analyzer.
base/bif/plugins/Zeek_FileHash.events.bif.zeek
base/bif/plugins/Zeek_PE.events.bif.zeek
base/bif/plugins/Zeek_X509.events.bif.zeek
base/bif/plugins/Zeek_X509.types.bif.zeek
base/bif/plugins/Zeek_X509.functions.bif.zeek
base/bif/plugins/Zeek_X509.ocsp_events.bif.zeek
base/bif/plugins/Zeek_AsciiReader.ascii.bif.zeek
base/bif/plugins/Zeek_BenchmarkReader.benchmark.bif.zeek
base/bif/plugins/Zeek_BinaryReader.binary.bif.zeek
base/bif/plugins/Zeek_ConfigReader.config.bif.zeek
base/bif/plugins/Zeek_RawReader.raw.bif.zeek
base/bif/plugins/Zeek_SQLiteReader.sqlite.bif.zeek
base/bif/plugins/Zeek_AsciiWriter.ascii.bif.zeek