Source code for zlogging.enum.Intel

# -*- coding: utf-8 -*-
# pylint: disable=line-too-long
"""Namespace: ``Intel``."""

from zlogging._compat import enum


[docs]@enum.unique class Type(enum.IntFlag): """Enum: ``Intel::Type``. Enum type to represent various types of intelligence data. See Also: `base/frameworks/intel/main.zeek <https://docs.zeek.org/en/stable/scripts/base/frameworks/intel/main.zeek.html#type-Intel::Type>`__ """ _ignore_ = 'Type _' Type = vars() #: An IP address. ADDR = enum.auto() #: A subnet in CIDR notation. SUBNET = enum.auto() #: A complete URL without the prefix "http://". URL = enum.auto() #: Software name. SOFTWARE = enum.auto() #: Email address. EMAIL = enum.auto() #: DNS domain name. DOMAIN = enum.auto() #: A user name. USER_NAME = enum.auto() #: Certificate SHA-1 hash. CERT_HASH = enum.auto() #: Public key MD5 hash. (SSH server host keys are a good example.) PUBKEY_HASH = enum.auto() #: (present if base/frameworks/intel/files.zeek is loaded) #: File hash which is non-hash type specific. It’s up to the #: user to query for any relevant hash types. FILE_HASH = enum.auto() #: (present if base/frameworks/intel/files.zeek is loaded) #: File name. Typically with protocols with definite #: indications of a file name. FILE_NAME = enum.auto()
[docs]@enum.unique class Where(enum.IntFlag): """Enum: ``Intel::Where``. Enum to represent where data came from when it was discovered. The convention is to prefix the name with ``IN_``. See Also: `base/frameworks/intel/main.zeek <https://docs.zeek.org/en/stable/scripts/base/frameworks/intel/main.zeek.html#type-Intel::Where>`__ """ _ignore_ = 'Where _' Where = vars() #: A catchall value to represent data of unknown provenance. IN_ANYWHERE = enum.auto() #: Conn::IN_ORIG #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) Conn_IN_ORIG = enum.auto() #: Conn::IN_RESP #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) Conn_IN_RESP = enum.auto() #: Files::IN_HASH #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) Files_IN_HASH = enum.auto() #: Files::IN_NAME #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) Files_IN_NAME = enum.auto() #: DNS::IN_REQUEST #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) DNS_IN_REQUEST = enum.auto() #: DNS::IN_RESPONSE #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) DNS_IN_RESPONSE = enum.auto() #: HTTP::IN_HOST_HEADER #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) HTTP_IN_HOST_HEADER = enum.auto() #: HTTP::IN_REFERRER_HEADER #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) HTTP_IN_REFERRER_HEADER = enum.auto() #: HTTP::IN_USER_AGENT_HEADER #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) HTTP_IN_USER_AGENT_HEADER = enum.auto() #: HTTP::IN_X_FORWARDED_FOR_HEADER #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) HTTP_IN_X_FORWARDED_FOR_HEADER = enum.auto() #: HTTP::IN_URL #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) HTTP_IN_URL = enum.auto() #: SMTP::IN_MAIL_FROM #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) SMTP_IN_MAIL_FROM = enum.auto() #: SMTP::IN_RCPT_TO #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) SMTP_IN_RCPT_TO = enum.auto() #: SMTP::IN_FROM #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) SMTP_IN_FROM = enum.auto() #: SMTP::IN_TO #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) SMTP_IN_TO = enum.auto() #: SMTP::IN_CC #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) SMTP_IN_CC = enum.auto() #: SMTP::IN_RECEIVED_HEADER #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) SMTP_IN_RECEIVED_HEADER = enum.auto() #: SMTP::IN_REPLY_TO #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) SMTP_IN_REPLY_TO = enum.auto() #: SMTP::IN_X_ORIGINATING_IP_HEADER #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) SMTP_IN_X_ORIGINATING_IP_HEADER = enum.auto() #: SMTP::IN_MESSAGE #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) SMTP_IN_MESSAGE = enum.auto() #: SSH::IN_SERVER_HOST_KEY #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) SSH_IN_SERVER_HOST_KEY = enum.auto() #: SSL::IN_SERVER_NAME #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) SSL_IN_SERVER_NAME = enum.auto() #: SMTP::IN_HEADER #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) SMTP_IN_HEADER = enum.auto() #: X509::IN_CERT #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) X509_IN_CERT = enum.auto() #: SMB::IN_FILE_NAME #: (present if policy/frameworks/intel/seen/where-locations.zeek is loaded) SMB_IN_FILE_NAME = enum.auto() #: SSH::SUCCESSFUL_LOGIN #: (present if policy/protocols/ssh/detect-bruteforcing.zeek is loaded) #: An indicator of the login for the intel framework. SSH_SUCCESSFUL_LOGIN = enum.auto()