salo.events.zeek
Submodules
Package Contents
Classes
- ZeekModel: Mixin to provide __str__, __repr__, and __pretty__ methods. See #884 for more details.
- ConnModel: Mixin to provide __str__, __repr__, and __pretty__ methods. See #884 for more details.
- SSLModel: Mixin to provide __str__, __repr__, and __pretty__ methods. See #884 for more details.
- DNSModel: Mixin to provide __str__, __repr__, and __pretty__ methods. See #884 for more details.
- HTTPModel: Mixin to provide __str__, __repr__, and __pretty__ methods. See #884 for more details.
- SMTPModel: Mixin to provide __str__, __repr__, and __pretty__ methods. See #884 for more details.
- RDPModel: Mixin to provide __str__, __repr__, and __pretty__ methods. See #884 for more details.
- FilesModel: Mixin to provide __str__, __repr__, and __pretty__ methods. See #884 for more details.
Attributes
- class salo.events.zeek.ZeekModel(__pydantic_self__, **data: Any)
Bases: salo.SaloEventModel
Mixin to provide __str__, __repr__, and __pretty__ methods. See #884 for more details.
__pretty__ is used by [devtools](https://python-devtools.helpmanual.io/) to provide human readable representations of objects.
- timestamp :datetime.datetime
- uid :Optional[str]
- src_ip :Optional[pydantic.IPvAnyAddress]
- src_port :Optional[int]
- dest_ip :Optional[pydantic.IPvAnyAddress]
- dest_port :Optional[int]
- salo.events.zeek.fake
- class salo.events.zeek.ConnModel(__pydantic_self__, **data: Any)
Bases: salo.events.zeek.base.ZeekModel
Mixin to provide __str__, __repr__, and __pretty__ methods. See #884 for more details.
__pretty__ is used by [devtools](https://python-devtools.helpmanual.io/) to provide human readable representations of objects.
- _refs :List[str] = ['https://docs.zeek.org/en/master/scripts/base/protocols/conn/main.zeek.html#type-Conn::Info',...
- proto :str
- service :str
- duration :Optional[float]
- orig_bytes :int
- resp_bytes :int
- conn_state :Optional[str]
- local_orig :Optional[bool]
- local_resp :Optional[bool]
- missed_bytes :int
- history :Optional[str]
- orig_pkts :int
- orig_ip_bytes :int
- resp_pkts :int
- resp_ip_bytes :int
- tunnel_parents :Optional[str]
- orig_l2_addr :Optional[str]
- resp_l2_addr :Optional[str]
- vlan :Optional[int]
- inner_vlan :Optional[int]
- speculative_service :Optional[str]
- class salo.events.zeek.SSLModel(__pydantic_self__, **data: Any)
Bases: salo.events.zeek.base.ZeekModel
Mixin to provide __str__, __repr__, and __pretty__ methods. See #884 for more details.
__pretty__ is used by [devtools](https://python-devtools.helpmanual.io/) to provide human readable representations of objects.
- _refs :List[str] = ['https://docs.zeek.org/en/master/scripts/base/protocols/ssl/main.zeek.html#type-SSL::Info',...
- dest_port :int
- version :Optional[str]
- cipher :Optional[str]
- curve :Optional[str]
- server_name :str
- resumed :Optional[bool]
- last_alert :Optional[str]
- next_protocol :Optional[str]
- established :Optional[bool]
- ssl_history :Optional[str]
- cert_chain_fps :Optional[List[str]]
- client_cert_chain_fps :Optional[List[str]]
- subject :Optional[str]
- issuer :Optional[str]
- client_subject :Optional[str]
- client_issuer :Optional[str]
- sni_matches_cert :Optional[bool]
- server_version :Optional[int]
- client_version :Optional[int]
- client_ciphers :Optional[List[int]]
- ssl_client_exts :Optional[List[int]]
- ssl_server_exts :Optional[List[int]]
- ticket_lifetime_hint :Optional[int]
- dh_param_size :Optional[int]
- point_formats :Optional[List[int]]
- client_curves :Optional[List[int]]
- orig_alpn :Optional[List[str]]
- client_supported_versions :Optional[List[int]]
- server_supported_version :Optional[int]
- client_comp_methods :Optional[List[int]]
- sigalgs :Optional[List[int]]
- hashalgs :Optional[List[int]]
- validation_status :Optional[str]
- ocsp_status :Optional[str]
- valid_ct_logs :Optional[int]
- valid_ct_operators :Optional[int]
- ja3 :str
- ja3s :str
- class salo.events.zeek.DNSModel(__pydantic_self__, **data: Any)
Bases: salo.events.zeek.base.ZeekModel
Mixin to provide __str__, __repr__, and __pretty__ methods. See #884 for more details.
__pretty__ is used by [devtools](https://python-devtools.helpmanual.io/) to provide human readable representations of objects.
- _refs :List[str] = ['https://docs.zeek.org/en/master/scripts/base/protocols/dns/main.zeek.html#type-DNS::Info',...
- proto :Optional[str]
- dns_id :Optional[int]
- dns_rtt :Optional[float]
- dns_query :str
- dns_qclass :int
- dns_qclass_name :str
- dns_qtype :int
- dns_qtype_name :str
- dns_rcode :int
- dns_rcode_name :str
- dns_aa :Optional[bool]
- dns_tc :Optional[bool]
- dns_rd :Optional[bool]
- dns_ra :Optional[bool]
- dns_z :int
- dns_rdata :Optional[Union[str, List[str]]]
- dns_ttl :Optional[Union[int, List[int]]]
- dns_rejected :Optional[bool]
- dns_auth :Optional[List[str]]
- dns_addl :Optional[List[str]]
- dns_original_query :Optional[str]
- class salo.events.zeek.HTTPModel(__pydantic_self__, **data: Any)
Bases: salo.events.zeek.base.ZeekModel
Mixin to provide __str__, __repr__, and __pretty__ methods. See #884 for more details.
__pretty__ is used by [devtools](https://python-devtools.helpmanual.io/) to provide human readable representations of objects.
- _refs :List[str] = ['https://docs.zeek.org/en/master/scripts/base/protocols/http/main.zeek.html#type-HTTP::Info',...
- trans_depth :int
- http_method :str
- http_hostname :str
- http_uri :str
- http_referrer :Optional[str]
- http_version :Optional[str]
- http_user_agent :str
- http_origin :Optional[str]
- http_request_body_len :int
- http_response_body_len :int
- http_status_code :int
- http_status_msg :str
- http_info_code :Optional[int]
- http_info_msg :Optional[str]
- http_tags :Optional[List]
- http_username :Optional[str]
- http_password :Optional[str]
- http_proxied :Optional[List[str]]
- orig_fuids :Optional[List[str]]
- orig_filenames :Optional[List[str]]
- orig_mime_types :Optional[List[str]]
- resp_fuids :Optional[List[str]]
- resp_filenames :Optional[List[str]]
- resp_mime_types :Optional[List[str]]
- http_client_header_names :Optional[List[str]]
- http_server_header_names :Optional[List[str]]
- http_cookie_vars :Optional[List[str]]
- http_uri_vars :Optional[List[str]]
- class salo.events.zeek.SMTPModel(__pydantic_self__, **data: Any)
Bases: salo.events.zeek.base.ZeekModel
Mixin to provide __str__, __repr__, and __pretty__ methods. See #884 for more details.
__pretty__ is used by [devtools](https://python-devtools.helpmanual.io/) to provide human readable representations of objects.
- _refs :List[str] = ['https://docs.zeek.org/en/master/scripts/base/protocols/smtp/main.zeek.html#type-SMTP::Info',...
- dest_port :Optional[int]
- smtp_trans_depth :Optional[int]
- smtp_helo :str
- smtp_mailfrom :str
- smtp_rcptto :List[str]
- timestamp :datetime.datetime
- smtp_from :str
- smtp_to :List[str]
- smtp_cc :Optional[List[str]]
- smtp_reply_to :Optional[str]
- smtp_msg_id :Optional[str]
- smtp_in_reply_to :Optional[str]
- smtp_subject :str
- smtp_x_originating_ip :Optional[str]
- smtp_first_received :Optional[str]
- smtp_second_received :Optional[str]
- smtp_last_reply :Optional[str]
- smtp_path :Optional[List[pydantic.IPvAnyAddress]]
- smtp_user_agent :str
- smtp_tls :Optional[bool]
- smtp_process_received_from :Optional[bool]
- smtp_has_client_activity :Optional[bool]
- smtp_process_smtp_headers :Optional[bool]
- smtp_entity_count :Optional[int]
- fuids :Optional[List[str]]
- smtp_is_webmail :Optional[bool]
- class salo.events.zeek.RDPModel(__pydantic_self__, **data: Any)
Bases: salo.events.zeek.base.ZeekModel
Mixin to provide __str__, __repr__, and __pretty__ methods. See #884 for more details.
__pretty__ is used by [devtools](https://python-devtools.helpmanual.io/) to provide human readable representations of objects.
- _refs :List[str] = ['https://docs.zeek.org/en/master/scripts/base/protocols/rdp/main.zeek.html#type-RDP::Info',...
- cookie :str
- result :str
- security_protocol :str
- client_channels :Optional[List[str]]
- keyboard_layour :Optional[str]
- client_build :Optional[str]
- client_name :Optional[str]
- client_dig_product_id :Optional[str]
- desktop_width :Optional[int]
- desktop_height :Optional[int]
- requested_color_depth :Optional[str]
- cert_type :Optional[str]
- cert_count :int
- cert_permanent :Optional[bool]
- encryption_level :Optional[str]
- encryption_method :Optional[str]
- ssl :Optional[bool]
- class salo.events.zeek.FilesModel(__pydantic_self__, **data: Any)
Bases: salo.events.zeek.base.ZeekModel
Mixin to provide __str__, __repr__, and __pretty__ methods. See #884 for more details.
__pretty__ is used by [devtools](https://python-devtools.helpmanual.io/) to provide human readable representations of objects.
- _refs :List[str] = ['https://docs.zeek.org/en/master/scripts/base/frameworks/files/main.zeek.html#type-Files::Info',...
- src_port :Optional[int]
- dest_port :Optional[int]
- fuid :str
- tx_hosts :Optional[List[str]]
- rx_hosts :Optional[List[str]]
- conn_uids :Optional[List[str]]
- source :str
- depth :Optional[int]
- analyzers :Optional[List[str]]
- mime_type :str
- duration :Optional[float]
- is_orig :Optional[bool]
- seen_bytes :Optional[int]
- total_bytes :Optional[int]
- missing_bytes :int
- overflow_bytes :int
- timedout :Optional[bool]
- parent_fuid :Optional[str]
- md5 :Optional[str]
- sha1 :Optional[str]
- sha256 :Optional[str]
- extracted :Optional[str]
- extracted_cutoff :Optional[bool]
- extract_size :Optional[int]