`Signatures` Namespace¶

Namespace: Signatures.

class zlogging.enum.Signatures.Action(value)[source]

Bases: IntFlag

Enum: Signatures::Action.

These are the default actions you can apply to signature matches. All of them write the signature record to the logging stream unless declared otherwise.

See also

base/frameworks/signatures/main.zeek

SIG_IGNORE = 1: Ignore this signature completely (even for scan detection). Don’t write to the signatures logging stream.

SIG_QUIET = 2: Process through the various aggregate techniques, but don’t report individually and don’t write to the signatures logging stream.

SIG_LOG = 4: Generate a notice.

SIG_FILE_BUT_NO_SCAN = 8: The same as Signatures::SIG_LOG, but ignore for aggregate/scan processing.

SIG_ALARM = 16: Generate a notice and set it to be alarmed upon.

SIG_ALARM_PER_ORIG = 32: Alarm once per originator.

SIG_ALARM_ONCE = 64: Alarm once and then never again.

SIG_COUNT_PER_RESP = 128: Count signatures per responder host and alarm with the Signatures::Count_Signature notice if a threshold defined by Signatures::count_thresholds is reached.

SIG_SUMMARY = 256: Don’t alarm, but generate per-orig summary.

`Signatures` Namespace¶

ZLogging

Navigation

Related Topics

Signatures Namespace¶

`Signatures` Namespace¶