Source code for zlogging.enum.Signatures

# -*- coding: utf-8 -*-
# pylint: disable=line-too-long
"""Namespace: ``Signatures``."""

from zlogging._compat import enum


@enum.unique
class Action(enum.IntFlag):
    """Enum: ``Signatures::Action``.

    These are the default actions you can apply to signature matches.
    All of them write the signature record to the logging stream unless
    declared otherwise.

    Per the member descriptions below, ``SIG_IGNORE`` and ``SIG_QUIET`` are
    the two actions declared as not writing to the signatures logging
    stream, so a match handled with either of them leaves no record in
    that stream. Keep this in mind when relying on the signatures log as
    evidence that a signature did or did not fire.

    See Also:
        `base/frameworks/signatures/main.zeek <https://docs.zeek.org/en/stable/scripts/base/frameworks/signatures/main.zeek.html#type-Signatures::Action>`__

    """

    # Names listed in ``_ignore_`` are kept out of the member set; ``Action``
    # is listed because the next statement binds that name in the class body.
    _ignore_ = 'Action _'
    # Binds the class namespace mapping; nothing in this block reads it again.
    Action = vars()

    # NOTE(review): every value below comes from ``enum.auto()``, so the
    # numeric value of a member presumably depends on its position in this
    # list; confirm against ``zlogging._compat.enum`` before reordering or
    # inserting members.
    # NOTE(review): the docstring describes a plain enum while the base class
    # is ``IntFlag``; confirm whether consumers may combine members bitwise.

    #: Ignore this signature completely (even for scan detection).
    #: Don't write to the signatures logging stream.
    SIG_IGNORE = enum.auto()

    #: Process through the various aggregate techniques, but don't
    #: report individually and don't write to the signatures logging
    #: stream.
    SIG_QUIET = enum.auto()

    #: Generate a notice.
    SIG_LOG = enum.auto()

    #: The same as ``Signatures::SIG_LOG``, but ignore for
    #: aggregate/scan processing.
    SIG_FILE_BUT_NO_SCAN = enum.auto()

    #: Generate a notice and set it to be alarmed upon.
    SIG_ALARM = enum.auto()

    #: Alarm once per originator.
    SIG_ALARM_PER_ORIG = enum.auto()

    #: Alarm once and then never again.
    SIG_ALARM_ONCE = enum.auto()

    #: Count signatures per responder host and alarm with the
    #: ``Signatures::Count_Signature`` notice if a threshold
    #: defined by ``Signatures::count_thresholds`` is reached.
    SIG_COUNT_PER_RESP = enum.auto()

    #: Don't alarm, but generate per-orig summary.
    SIG_SUMMARY = enum.auto()