# Arkime config.ini file # Latest settings documentation: https://github.com/arkime/arkime/wiki/Settings # See also https://github.com/arkime/arkime/blob/master/release/config.ini.sample # [default] elasticsearch=http://elasticsearch:9200 cronQueries=true rotateIndex=daily # passwordSecret below is a static, well-known value committed to the repository; Arkime uses it to protect stored user passwords (see the Settings documentation above), so each deployment should override it with its own secret rather than run with this default. passwordSecret=Malcolm httpRealm=Arkime interface=eth0 wiseHost=127.0.0.1 wisePort=8081 pcapDir=/data/pcap/processed readTruncatedPackets=true maxFileSizeG=1 tcpTimeout=600 tcpSaveTimeout=720 udpTimeout=30 icmpTimeout=10 maxStreams=1000000 maxPackets=10000 freeSpaceG=10% viewPort=8005 geoLite2Country=/data/moloch/etc/GeoLite2-Country.mmdb geoLite2ASN=/data/moloch/etc/GeoLite2-ASN.mmdb rirFile=/data/moloch/etc/ipv4-address-space.csv ouiFile=/data/moloch/etc/oui.txt dropUser=arkime dropGroup=arkime # implicit auto-creation of users for Arkime (see https://github.com/arkime/arkime/pull/1120) # The userAutoCreateTmpl should more or less match what's in /etc/user_settings.json # which is what's used when creating the default admin user. # Because users are trusted (and auto-created) from the http_auth_http_user header, the viewer (viewPort above) must be reachable only through the authenticating reverse proxy that sets that header, never directly. userNameHeader=http_auth_http_user userAutoCreateTmpl={"userId": "${this.http_auth_http_user}", "userName": "${this.http_auth_http_user}", "enabled": true, "createEnabled": false, "webEnabled": true, "headerAuthEnabled": true, "emailSearch": true, "removeEnabled": false, "packetSearch": true, "hideStats": false, "hideFiles": false, "hidePcap": false, "disablePcapDownload": false, "settings": { "timezone": "local", "detailFormat": "last", "showTimestamps": "last", "sortColumn": "start", "sortDirection": "desc", "spiGraph": "protocol", "connSrcField": "srcIp", "connDstField": "dstIp", "numPackets": "last", "theme" : "custom1: #222222,#E2E2E2,#FFFFFF,#00789E,#004A79,#017D73,#092B40,#42b7c5,#2A7580,#ecb30a,#333333,#89ADCC,#6D6D6D,#FFE7E7,#ECFEFF", "manualQuery": false }, "views": { "Public IP Addresses": { "expression": "(country.dst == EXISTS!) || (country.src == EXISTS!) || (ip.dst == EXISTS! 
&& ip.dst != 0.0.0.0/8 && ip.dst != 10.0.0.0/8 && ip.dst != 100.64.0.0/10 && ip.dst != 127.0.0.0/8 && ip.dst != 169.254.0.0/16 && ip.dst != 172.16.0.0/12 && ip.dst != 192.0.0.0/24 && ip.dst != 192.0.2.0/24 && ip.dst != 192.88.99.0/24 && ip.dst != 192.168.0.0/16 && ip.dst != 198.18.0.0/15 && ip.dst != 198.51.100.0/24 && ip.dst != 203.0.113.0/24 && ip.dst != 224.0.0.0/4 && ip.dst != 232.0.0.0/8 && ip.dst != 233.0.0.0/8 && ip.dst != 234.0.0.0/8 && ip.dst != 239.0.0.0/8 && ip.dst != 240.0.0.0/4 && ip.dst != 255.255.255.255 && ip.dst != :: && ip.dst != ::1 && ip.dst != ff00::/8 && ip.dst != fe80::/10 && ip.dst != fc00::/7 && ip.dst != fd00::/8) || (ip.src == EXISTS! && ip.src != 0.0.0.0/8 && ip.src != 10.0.0.0/8 && ip.src != 100.64.0.0/10 && ip.src != 127.0.0.0/8 && ip.src != 169.254.0.0/16 && ip.src != 172.16.0.0/12 && ip.src != 192.0.0.0/24 && ip.src != 192.0.2.0/24 && ip.src != 192.88.99.0/24 && ip.src != 192.168.0.0/16 && ip.src != 198.18.0.0/15 && ip.src != 198.51.100.0/24 && ip.src != 203.0.113.0/24 && ip.src != 224.0.0.0/4 && ip.src != 232.0.0.0/8 && ip.src != 233.0.0.0/8 && ip.src != 234.0.0.0/8 && ip.src != 239.0.0.0/8 && ip.src != 240.0.0.0/4 && ip.src != 255.255.255.255 && ip.src != :: && ip.src != ::1 && ip.src != ff00::/8 && ip.src != fe80::/10 && ip.src != fc00::/7 && ip.src != fd00::/8)" }, "PCAP Files": { "expression": "zeek.logType != EXISTS!" }, "Zeek Logs": { "expression": "zeek.logType == EXISTS!" }, "Zeek conn.log": { "expression": "zeek.logType == conn" }, "Zeek Exclude conn.log": { "expression": "zeek.logType == EXISTS! 
&& zeek.logType != conn" } }, "tableStates": { "sessionsNew": { "order": [ [ "firstPacket", "desc" ] ], "visibleHeaders": [ "protocol", "zeek.logType", "firstPacket", "lastPacket", "src", "srcPort", "dst", "dstPort", "totPackets", "dbby", "tags", "info" ] } } } parseSMTP=true parseSMB=true parseQSValue=false supportSha256=false maxReqBody=64 config.reqBodyOnlyUtf8=true smtpIpHeaders=X-Originating-IP:;X-Barracuda-Apparent-Source-IP: parsersDir=/data/moloch/parsers pluginsDir=/data/moloch/plugins plugins=wise.so viewerPlugins=wise.js spiDataMaxIndices=7 packetThreads=2 pcapWriteMethod=simple pcapWriteSize=262143 dbBulkSize=300000 compressES=false maxESConns=30 maxESRequests=500 packetsPerPoll=50000 antiSynDrop=true logEveryXPackets=100000 logUnknownProtocols=false logESRequests=true logFileCreation=true # temporarily disabling viewer autocomplete to see if it helps sluggishness valueAutoComplete=false [custom-fields] # see https://docs.zeek.org/en/stable/script-reference/log-files.html for Zeek logfile documentation # id information zeek.uid=db:zeek.uid;kind:termfield;friendly:Zeek Connection ID;help:Zeek Connection ID zeek.community_id=db:zeek.community_id;kind:termfield;friendly:Zeek Connection Community ID;help:Zeek Connection Community ID zeek.logType=db:zeek.logType;kind:termfield;friendly:Zeek Log Type;help:Zeek Log Type zeek.ts=db:zeek.ts;kind:termfield;friendly:Timestamp;help:Zeek Timestamp host.name=db:host.name;kind:termfield;friendly:Zeek Node;help:Zeek Node # basic connection information zeek.orig_h=db:zeek.orig_h;kind:termfield;friendly:Originating host;help:Originating Host zeek.orig_p=db:zeek.orig_p;kind:integer;friendly:Originating port;help:Originating Port zeek.orig_l2_addr=db:zeek.orig_l2_addr;kind:termfield;friendly:Originating MAC;help:Originating MAC zeek.orig_l2_oui=db:zeek.orig_l2_oui;kind:termfield;friendly:Originating OUI;help:Originating OUI zeek.orig_hostname=db:zeek.orig_hostname;kind:termfield;friendly:Originating Host 
Name;help:Originating Host Name zeek.orig_segment=db:zeek.orig_segment;kind:termfield;friendly:Originating Network Segment;help:Originating Network Segment zeek.source_ip_reverse_dns=db:zeek.source_ip_reverse_dns;kind:termfield;friendly:Originating IP Reverse DNS;help:Originating IP Reverse DNS zeek.source_geo.city_name=db:zeek.source_geo.city_name;kind:termfield;friendly:Originating GeoIP City;help:Originating GeoIP City zeek.source_geo.country_name=db:zeek.source_geo.country_name;kind:termfield;friendly:Originating GeoIP Country;help:Originating GeoIP Country zeek.resp_h=db:zeek.resp_h;kind:termfield;friendly:Responding host;help:Responding Host zeek.resp_p=db:zeek.resp_p;kind:integer;friendly:Responding port;help:Responding Port zeek.resp_l2_addr=db:zeek.resp_l2_addr;kind:termfield;friendly:Responding MAC;help:Responding MAC zeek.resp_l2_oui=db:zeek.resp_l2_oui;kind:termfield;friendly:Responding OUI;help:Responding OUI zeek.resp_hostname=db:zeek.resp_hostname;kind:termfield;friendly:Responding Host Name;help:Responding Host Name zeek.resp_segment=db:zeek.resp_segment;kind:termfield;friendly:Responding Network Segment;help:Responding Network Segment zeek.destination_ip_reverse_dns=db:zeek.destination_ip_reverse_dns;kind:termfield;friendly:Responding IP Reverse DNS;help:Responding IP Reverse DNS zeek.destination_geo.city_name=db:zeek.destination_geo.city_name;kind:termfield;friendly:Responding GeoIP City;help:Responding GeoIP City zeek.destination_geo.country_name=db:zeek.destination_geo.country_name;kind:termfield;friendly:Responding GeoIP Country;help:Responding GeoIP Country zeek.proto=db:zeek.proto;kind:lotermfield;friendly:Protocol;help:Protocol zeek.service=db:zeek.service;kind:termfield;friendly:Service;help:Service zeek.service_version=db:zeek.service_version;kind:termfield;friendly:Service Version;help:Service Version zeek.action=db:zeek.action;kind:termfield;friendly:Action;help:Action zeek.result=db:zeek.result;kind:termfield;friendly:Result;help:Result 
zeek.user=db:zeek.user;kind:termfield;friendly:User;help:User zeek.password=db:zeek.password;kind:termfield;friendly:Password;help:Password zeek.freq_score_v1=db:zeek_dns.freq_score_v1;kind:termfield;friendly:Freq Score v1;help:Freq Score v1 zeek.freq_score_v2=db:zeek_dns.freq_score_v2;kind:termfield;friendly:Freq Score v2;help:Freq Score v2 # file information zeek.fuid=db:zeek.fuid;kind:termfield;friendly:File ID;help:File ID zeek.filename=db:zeek.filename;kind:termfield;friendly:File Name;help:File Name zeek.filetype=db:zeek.filetype;kind:termfield;friendly:File Magic;help:File Magic # conn.log # https://docs.zeek.org/en/stable/scripts/base/protocols/conn/main.zeek.html#type-Conn::Info zeek_conn.duration=db:zeek_conn.duration;kind:termfield;friendly:Duration;help:Duration zeek_conn.orig_bytes=db:zeek_conn.orig_bytes;kind:integer;friendly:Originating Bytes;help:Originating Bytes zeek_conn.resp_bytes=db:zeek_conn.resp_bytes;kind:integer;friendly:Responding Bytes;help:Responding Bytes zeek_conn.conn_state=db:zeek_conn.conn_state;kind:termfield;friendly:Connection State Code;help:Connection State Code zeek_conn.conn_state_description=db:zeek_conn.conn_state_description;kind:termfield;friendly:conn Connection State;help:conn Connection State zeek_conn.local_orig=db:zeek_conn.local_orig;kind:termfield;friendly:Local Originator;help:Local Originator zeek_conn.local_resp=db:zeek_conn.local_resp;kind:termfield;friendly:Local Responder;help:Local Responder zeek_conn.missed_bytes=db:zeek_conn.missed_bytes;kind:integer;friendly:Missed Bytes;help:Missed Bytes zeek_conn.history=db:zeek_conn.history;kind:termfield;friendly:Connection Flags History;help:Connection Flags History zeek_conn.orig_pkts=db:zeek_conn.orig_pkts;kind:integer;friendly:Originating Packets;help:Originating Packets zeek_conn.orig_ip_bytes=db:zeek_conn.orig_ip_bytes;kind:integer;friendly:Originating IP Bytes;help:Originating IP Bytes zeek_conn.resp_pkts=db:zeek_conn.resp_pkts;kind:integer;friendly:Responding 
Packets;help:Responding Packets zeek_conn.resp_ip_bytes=db:zeek_conn.resp_ip_bytes;kind:integer;friendly:Responding IP Bytes;help:Responding IP Bytes zeek_conn.tunnel_parents=db:zeek_conn.tunnel_parents;kind:termfield;friendly:Tunnel Connection ID;help:Tunnel Connection ID zeek_conn.vlan=db:zeek_conn.vlan;kind:integer;friendly:Outer VLAN;help:Outer VLAN zeek_conn.inner_vlan=db:zeek_conn.inner_vlan;kind:integer;friendly:Inner VLAN;help:Inner VLAN # bacnet.log # https://github.com/cisagov/ICSNPP zeek_bacnet.bvlc_function=db:zeek_bacnet.bvlc_function;kind:termfield;friendly:BVLC Function;help:BVLC Function zeek_bacnet.pdu_type=db:zeek_bacnet.pdu_type;kind:termfield;friendly:APDU Service Type;help:APDU Service Type zeek_bacnet.pdu_service=db:zeek_bacnet.pdu_service;kind:termfield;friendly:APDU Service Choice;help:APDU Service Choice zeek_bacnet.invoke_id=db:zeek_bacnet.invoke_id;kind:integer;friendly:Invoke ID;help:Invoke ID zeek_bacnet.result_code=db:zeek_bacnet.result_code;kind:termfield;friendly:Result Code;help:Result Code # bacnet_discovery.log # https://github.com/cisagov/ICSNPP zeek_bacnet_discovery.pdu_service=db:zeek_bacnet_discovery.pdu_service;kind:termfield;friendly:APDU Service;help:APDU Service zeek_bacnet_discovery.object_type=db:zeek_bacnet_discovery.object_type;kind:termfield;friendly:Object Type;help:Object Type zeek_bacnet_discovery.instance_number=db:zeek_bacnet_discovery.instance_number;kind:integer;friendly:Instance Number;help:Instance Number zeek_bacnet_discovery.vendor=db:zeek_bacnet_discovery.vendor;kind:termfield;friendly:Vendor Name;help:Vendor Name zeek_bacnet_discovery.range=db:zeek_bacnet_discovery.range;kind:termfield;friendly:Range;help:Range zeek_bacnet_discovery.range_low=db:zeek_bacnet_discovery.range_low;kind:integer;friendly:Range Low;help:Range Low zeek_bacnet_discovery.range_high=db:zeek_bacnet_discovery.range_high;kind:integer;friendly:Range High;help:Range High 
zeek_bacnet_discovery.object_name=db:zeek_bacnet_discovery.object_name;kind:termfield;friendly:Object Name;help:Object Name # bacnet_property.log # https://github.com/cisagov/ICSNPP zeek_bacnet_property.pdu_service=db:zeek_bacnet_property.pdu_service;kind:termfield;friendly:APDU Service;help:APDU Service zeek_bacnet_property.object_type=db:zeek_bacnet_property.object_type;kind:termfield;friendly:Object Type;help:Object Type zeek_bacnet_property.instance_number=db:zeek_bacnet_property.instance_number;kind:integer;friendly:Instance Number;help:Instance Number zeek_bacnet_property.property=db:zeek_bacnet_property.property;kind:termfield;friendly:Property Type;help:Property Type zeek_bacnet_property.array_index=db:zeek_bacnet_property.array_index;kind:integer;friendly:Array Index;help:Array Index zeek_bacnet_property.value=db:zeek_bacnet_property.value;kind:termfield;friendly:Value;help:Value # bestguess.log zeek_bestguess.name=db:zeek_bestguess.name;kind:termfield;friendly:Best Guess Name;help:Best Guess Name zeek_bestguess.category=db:zeek_bestguess.category;kind:termfield;friendly:Best Guess Category;help:Best Guess Category # bsap_ip_header.log # https://github.com/cisagov/ICSNPP/tree/master/zeek_bsap_ip_parser zeek_bsap_ip_header.num_msg=db:zeek_bsap_ip_header.num_msg;kind:termfield;friendly:Functions per Message;help:Functions per Message zeek_bsap_ip_header.type_name=db:zeek_bsap_ip_header.type_name;kind:integer;friendly:Message Type;help:Message Type # bsap_ip_rdb.log # https://github.com/cisagov/ICSNPP/tree/master/zeek_bsap_ip_parser zeek_bsap_ip_rdb.app_func_code=db:zeek_bsap_ip_rdb.app_func_code;kind:termfield;friendly:Application Function;help:Application Function zeek_bsap_ip_rdb.data_len=db:zeek_bsap_ip_rdb.data_len;kind:integer;friendly:Data Length;help:Data Length zeek_bsap_ip_rdb.data=db:zeek_bsap_ip_rdb.data;kind:termfield;friendly:Subfunction Data;help:Subfunction Data 
zeek_bsap_ip_rdb.func_code=db:zeek_bsap_ip_rdb.func_code;kind:termfield;friendly:Application Subfunction;help:Application Subfunction zeek_bsap_ip_rdb.header_size=db:zeek_bsap_ip_rdb.header_size;kind:integer;friendly:Header Length;help:Header Length zeek_bsap_ip_rdb.mes_seq=db:zeek_bsap_ip_rdb.mes_seq;kind:integer;friendly:Message Sequence;help:Message Sequence zeek_bsap_ip_rdb.node_status=db:zeek_bsap_ip_rdb.node_status;kind:integer;friendly:Node Status;help:Node Status zeek_bsap_ip_rdb.res_seq=db:zeek_bsap_ip_rdb.res_seq;kind:integer;friendly:Response Sequence;help:Response Sequence zeek_bsap_ip_rdb.sequence=db:zeek_bsap_ip_rdb.sequence;kind:integer;friendly:Function Sequence;help:Function Sequence # bsap_ip_unknown.log # https://github.com/cisagov/ICSNPP/tree/master/zeek_bsap_ip_parser zeek_bsap_ip_unknown.data=db:zeek_bsap_ip_unknown.data;kind:termfield;friendly:Unknown Data;help:Unknown Data # bsap_serial_header.log # https://github.com/cisagov/ICSNPP/tree/master/zeek_bsap_serial_parser zeek_bsap_serial_header.ctl=db:zeek_bsap_serial_header.ctl;kind:integer;friendly:Control Byte;help:Control Byte zeek_bsap_serial_header.dadd=db:zeek_bsap_serial_header.dadd;kind:integer;friendly:Destination Address;help:Destination Address zeek_bsap_serial_header.dfun=db:zeek_bsap_serial_header.dfun;kind:termfield;friendly:Destination Function;help:Destination Function zeek_bsap_serial_header.nsb=db:zeek_bsap_serial_header.nsb;kind:integer;friendly:Node Status;help:Node Status zeek_bsap_serial_header.sadd=db:zeek_bsap_serial_header.sadd;kind:integer;friendly:Source Address;help:Source Address zeek_bsap_serial_header.seq=db:zeek_bsap_serial_header.seq;kind:integer;friendly:Message Sequence;help:Message Sequence zeek_bsap_serial_header.ser=db:zeek_bsap_serial_header.ser;kind:termfield;friendly:Message Serial Number;help:Message Serial Number zeek_bsap_serial_header.sfun=db:zeek_bsap_serial_header.sfun;kind:termfield;friendly:Source Function;help:Source Function 
zeek_bsap_serial_header.type_name=db:zeek_bsap_serial_header.type_name;kind:termfield;friendly:Message Type;help:Message Type # bsap_serial_rdb.log # https://github.com/cisagov/ICSNPP/tree/master/zeek_bsap_serial_parser zeek_bsap_serial_rdb.data=db:zeek_bsap_serial_rdb.data;kind:termfield;friendly:RDB Function Data;help:RDB Function Data zeek_bsap_serial_rdb.func_code=db:zeek_bsap_serial_rdb.func_code;kind:termfield;friendly:RDB Function;help:RDB Function # bsap_serial_rdb_ext.log # https://github.com/cisagov/ICSNPP/tree/master/zeek_bsap_serial_parser zeek_bsap_serial_rdb_ext.data=db:zeek_bsap_serial_rdb_ext.data;kind:termfield;friendly:RDB Ext Function Data;help:RDB Ext Function Data zeek_bsap_serial_rdb_ext.dfun=db:zeek_bsap_serial_rdb_ext.dfun;kind:termfield;friendly:Destination Function;help:Destination Function zeek_bsap_serial_rdb_ext.extfun=db:zeek_bsap_serial_rdb_ext.extfun;kind:termfield;friendly:RDB Ext Function;help:RDB Ext Function zeek_bsap_serial_rdb_ext.nsb=db:zeek_bsap_serial_rdb_ext.nsb;kind:integer;friendly:Node Status;help:Node Status zeek_bsap_serial_rdb_ext.seq=db:zeek_bsap_serial_rdb_ext.seq;kind:integer;friendly:Message Sequence;help:Message Sequence zeek_bsap_serial_rdb_ext.sfun=db:zeek_bsap_serial_rdb_ext.sfun;kind:termfield;friendly:Source Function;help:Source Function # bsap_serial_unknown.log # https://github.com/cisagov/ICSNPP/tree/master/zeek_bsap_serial_parser zeek_bsap_serial_unknown.data=db:zeek_bsap_serial_unknown.data;kind:termfield;friendly:Unknown Data;help:Unknown Data # cip.log # https://github.com/cisagov/ICSNPP zeek_cip.cip_sequence_count=db:zeek_cip.cip_sequence_count;kind:integer;friendly:CIP Sequence Number;help:CIP Sequence Number zeek_cip.direction=db:zeek_cip.direction;kind:termfield;friendly:Direction;help:Direction zeek_cip.cip_service=db:zeek_cip.cip_service;kind:termfield;friendly:CIP Service;help:CIP Service zeek_cip.cip_status=db:zeek_cip.cip_status;kind:termfield;friendly:CIP Status;help:CIP Status 
zeek_cip.class_id=db:zeek_cip.class_id;kind:termfield;friendly:Class ID;help:Class ID zeek_cip.class_name=db:zeek_cip.class_name;kind:termfield;friendly:Class Name;help:Class Name zeek_cip.instance_id=db:zeek_cip.instance_id;kind:termfield;friendly:Instance ID;help:Instance ID zeek_cip.attribute_id=db:zeek_cip.attribute_id;kind:termfield;friendly:Attribute ID;help:Attribute ID zeek_cip.data_id=db:zeek_cip.data_id;kind:termfield;friendly:Data ID;help:Data ID zeek_cip.other_id=db:zeek_cip.other_id;kind:termfield;friendly:Other ID;help:Other ID # cip_identity.log # https://github.com/cisagov/ICSNPP zeek_cip_identity.encapsulation_version=db:zeek_cip_identity.encapsulation_version;kind:integer;friendly:Encapsulation Version;help:Encapsulation Version zeek_cip_identity.socket_address=db:zeek_cip_identity.socket_address;kind:termfield;friendly:Socket Address;help:Socket Address zeek_cip_identity.socket_address_geo.city_name=db:zeek_cip_identity.socket_address_geo.city_name;kind:termfield;friendly:Socket Address GeoIP City;help:Socket Address GeoIP City zeek_cip_identity.socket_address_geo.country_name=db:zeek_cip_identity.socket_address_geo.country_name;kind:termfield;friendly:Socket Address GeoIP Country;help:Socket Address GeoIP Country zeek_cip_identity.socket_address_asn=db:zeek_cip_identity.socket_address_asn;kind:termfield;friendly:Socket Address ASN;help:Socket Address ASN zeek_cip_identity.socket_port=db:zeek_cip_identity.socket_port;kind:integer;friendly:Socket Port;help:Socket Port zeek_cip_identity.vendor_id=db:zeek_cip_identity.vendor_id;kind:integer;friendly:Vendor ID;help:Vendor ID zeek_cip_identity.vendor_name=db:zeek_cip_identity.vendor_name;kind:termfield;friendly:Vendor Name;help:Vendor Name zeek_cip_identity.device_type_id=db:zeek_cip_identity.device_type_id;kind:integer;friendly:Device Type ID;help:Device Type ID zeek_cip_identity.device_type_name=db:zeek_cip_identity.device_type_name;kind:termfield;friendly:Device Type Name;help:Device Type Name 
zeek_cip_identity.product_code=db:zeek_cip_identity.product_code;kind:integer;friendly:Product Code;help:Product Code zeek_cip_identity.revision=db:zeek_cip_identity.revision;kind:termfield;friendly:Device Revision;help:Device Revision zeek_cip_identity.device_status=db:zeek_cip_identity.device_status;kind:termfield;friendly:Device Status;help:Device Status zeek_cip_identity.serial_number=db:zeek_cip_identity.serial_number;kind:termfield;friendly:Serial Number;help:Serial Number zeek_cip_identity.product_name=db:zeek_cip_identity.product_name;kind:termfield;friendly:Product Name;help:Product Name zeek_cip_identity.device_state=db:zeek_cip_identity.device_state;kind:termfield;friendly:Device State;help:Device State # cip_io.log # https://github.com/cisagov/ICSNPP zeek_cip_io.connection_id=db:zeek_cip_io.connection_id;kind:termfield;friendly:Connection ID;help:Connection ID zeek_cip_io.sequence_number=db:zeek_cip_io.sequence_number;kind:integer;friendly:Sequence Number;help:Sequence Number zeek_cip_io.data_length=db:zeek_cip_io.data_length;kind:integer;friendly:Data Length;help:Data Length zeek_cip_io.io_data=db:zeek_cip_io.io_data;kind:termfield;friendly:Transport Data;help:Transport Data # dce_rpc.log # https://docs.zeek.org/en/stable/scripts/base/protocols/dce-rpc/main.zeek.html#type-DCE_RPC::Info zeek_dce_rpc.rtt=db:zeek_dce_rpc.rtt;kind:termfield;friendly:Round Trip Time;help:Round Trip Time zeek_dce_rpc.named_pipe=db:zeek_dce_rpc.named_pipe;kind:termfield;friendly:Remote Pipe;help:Remote Pipe zeek_dce_rpc.endpoint=db:zeek_dce_rpc.endpoint;kind:termfield;friendly:Endpoint;help:Endpoint zeek_dce_rpc.operation=db:zeek_dce_rpc.operation;kind:termfield;friendly:Operation;help:Operation # dhcp.log # https://docs.zeek.org/en/stable/scripts/base/protocols/dhcp/main.zeek.html#type-DHCP::Info zeek_dhcp.mac=db:zeek_dhcp.mac;kind:termfield;friendly:Client MAC;help:Client MAC zeek_dhcp.assigned_ip=db:zeek_dhcp.assigned_ip;kind:termfield;friendly:Assigned IP;help:Assigned IP 
zeek_dhcp.lease_time=db:zeek_dhcp.lease_time;kind:termfield;friendly:Lease Time;help:Lease Time zeek_dhcp.trans_id=db:zeek_dhcp.trans_id;kind:termfield;friendly:dhcp Transaction ID;help:dhcp Transaction ID zeek_dhcp.client_fqdn=db:zeek_dhcp.client_fqdn;kind:termfield;friendly:Client FQDN;help:Client FQDN zeek_dhcp.client_message=db:zeek_dhcp.client_message;kind:termfield;friendly:Client Message;help:Client Message zeek_dhcp.domain=db:zeek_dhcp.domain;kind:termfield;friendly:Domain;help:Domain zeek_dhcp.duration=db:zeek_dhcp.duration;kind:termfield;friendly:Duration;help:Duration zeek_dhcp.host_name=db:zeek_dhcp.host_name;kind:termfield;friendly:Hostname;help:Hostname zeek_dhcp.msg_types=db:zeek_dhcp.msg_types;kind:termfield;friendly:Message Types;help:Message Types zeek_dhcp.requested_ip=db:zeek_dhcp.requested_ip;kind:termfield;friendly:Requested IP;help:Requested IP zeek_dhcp.server_message=db:zeek_dhcp.server_message;kind:termfield;friendly:Server Message;help:Server Message zeek_dhcp.client_software=db:zeek_dhcp.client_software;kind:termfield;friendly:Client Software;help:Client Software zeek_dhcp.server_software=db:zeek_dhcp.server_software;kind:termfield;friendly:Server Software;help:Server Software # dnp3.log # https://docs.zeek.org/en/stable/scripts/base/protocols/dnp3/main.zeek.html#type-DNP3::Info zeek_dnp3.fc_request=db:zeek_dnp3.fc_request;kind:termfield;friendly:Request Function Message;help:Request Function Message zeek_dnp3.fc_reply=db:zeek_dnp3.fc_reply;kind:termfield;friendly:Reply Function Message;help:Reply Function Message zeek_dnp3.iin=db:zeek_dnp3.iin;kind:termfield;friendly:Internal Indication Number;help:Internal Indication Number zeek_dnp3.iin_flags=db:zeek_dnp3.iin_flags;kind:termfield;friendly:Internal Indicators;help:Internal Indicators # dnp3_control.log # https://github.com/cisagov/ICSNPP zeek_dnp3_control.block_type=db:zeek_dnp3_control.block_type;kind:termfield;friendly:Control Block Type;help:Control Block Type 
zeek_dnp3_control.function_code=db:zeek_dnp3_control.function_code;kind:termfield;friendly:DNP3 Function Code;help:DNP3 Function Code zeek_dnp3_control.index_number=db:zeek_dnp3_control.index_number;kind:integer;friendly:Object Index Number;help:Object Index Number zeek_dnp3_control.trip_control_code=db:zeek_dnp3_control.trip_control_code;kind:termfield;friendly:Trip Control Code;help:Trip Control Code zeek_dnp3_control.operation_type=db:zeek_dnp3_control.operation_type;kind:termfield;friendly:Operation Type;help:Operation Type zeek_dnp3_control.execute_count=db:zeek_dnp3_control.execute_count;kind:integer;friendly:Execute Count;help:Execute Count zeek_dnp3_control.on_time=db:zeek_dnp3_control.on_time;kind:integer;friendly:On Time;help:On Time zeek_dnp3_control.off_time=db:zeek_dnp3_control.off_time;kind:integer;friendly:Off Time;help:Off Time zeek_dnp3_control.status_code=db:zeek_dnp3_control.status_code;kind:termfield;friendly:Status Code;help:Status Code # dnp3_objects.log # https://github.com/cisagov/ICSNPP zeek_dnp3_objects.function_code=db:zeek_dnp3_objects.function_code;kind:termfield;friendly:Function Code;help:Function Code zeek_dnp3_objects.object_type=db:zeek_dnp3_objects.object_type;kind:termfield;friendly:Object Type;help:Object Type zeek_dnp3_objects.object_count=db:zeek_dnp3_objects.object_count;kind:integer;friendly:Object Count;help:Object Count zeek_dnp3_objects.range_low=db:zeek_dnp3_objects.range_low;kind:integer;friendly:Range Low;help:Range Low zeek_dnp3_objects.range_high=db:zeek_dnp3_objects.range_high;kind:integer;friendly:Range High;help:Range High # dns.log # https://docs.zeek.org/en/stable/scripts/base/protocols/dns/main.zeek.html#type-DNS::Info zeek_dns.trans_id=db:zeek_dns.trans_id;kind:termfield;friendly:Transaction ID;help:Transaction ID zeek_dns.rtt=db:zeek_dns.rtt;kind:termfield;friendly:Round Trip Time;help:Round Trip Time zeek_dns.query=db:zeek_dns.query;kind:termfield;friendly:Query;help:Query 
zeek_dns.qclass=db:zeek_dns.qclass;kind:termfield;friendly:Query Class Code;help:Query Class Code zeek_dns.qclass_name=db:zeek_dns.qclass_name;kind:termfield;friendly:Query Class;help:Query Class zeek_dns.qtype=db:zeek_dns.qtype;kind:termfield;friendly:Query Type Code;help:Query Type Code zeek_dns.qtype_name=db:zeek_dns.qtype_name;kind:termfield;friendly:Query Type;help:Query Type zeek_dns.rcode=db:zeek_dns.rcode;kind:integer;friendly:Response Code;help:Response Code zeek_dns.rcode_name=db:zeek_dns.rcode_name;kind:termfield;friendly:Response;help:Response zeek_dns.AA=db:zeek_dns.AA;kind:termfield;friendly:Authoritative Answer Bit;help:Authoritative Answer Bit zeek_dns.TC=db:zeek_dns.TC;kind:termfield;friendly:Truncation Bit;help:Truncation Bit zeek_dns.RD=db:zeek_dns.RD;kind:termfield;friendly:Recursion Desired Bit;help:Recursion Desired Bit zeek_dns.RA=db:zeek_dns.RA;kind:termfield;friendly:Recursion Available Bit;help:Recursion Available Bit zeek_dns.Z=db:zeek_dns.Z;kind:termfield;friendly:Z Bit;help:Z Bit zeek_dns.answers=db:zeek_dns.answers;kind:termfield;friendly:Answer;help:Answer zeek_dns.TTLs=db:zeek_dns.TTLs;kind:termfield;friendly:TTL;help:TTL zeek_dns.rejected=db:zeek_dns.rejected;kind:termfield;friendly:Rejected;help:Rejected # dpd.log # https://docs.zeek.org/en/stable/scripts/base/frameworks/dpd/main.zeek.html#type-DPD::Info zeek_dpd.service=db:zeek_dpd.service;kind:termfield;friendly:Protocol;help:Protocol zeek_dpd.failure_reason=db:zeek_dpd.failure_reason;kind:termfield;friendly:Failure Reason;help:Failure Reason # enip.log # https://github.com/cisagov/ICSNPP zeek_enip.enip_command=db:zeek_enip.enip_command;kind:termfield;friendly:EthernetIP Command;help:EthernetIP Command zeek_enip.length=db:zeek_enip.length;kind:integer;friendly:Packet Length;help:Packet Length zeek_enip.session_handle=db:zeek_enip.session_handle;kind:termfield;friendly:Session Number;help:Session Number 
# NOTE(review): zeek_enip.enip_status maps to db:zeek_enip.enipstatus, which breaks the key-equals-db pattern every other field here follows; confirm against the field name the ingest pipeline actually emits, since a mismatch leaves EthernetIP status unsearchable. zeek_enip.enip_status=db:zeek_enip.enipstatus;kind:termfield;friendly:EthernetIP Status;help:EthernetIP Status zeek_enip.sender_context=db:zeek_enip.sender_context;kind:termfield;friendly:Sender Context;help:Sender Context zeek_enip.options=db:zeek_enip.options;kind:termfield;friendly:Options;help:Options # ecat_registers.log # https://github.com/cisagov/ICSNPP zeek_ecat_registers.command=db:zeek_ecat_registers.command;kind:termfield;friendly:Command;help:Command zeek_ecat_registers.slave_addr=db:zeek_ecat_registers.slave_addr;kind:termfield;friendly:Slave Address;help:Slave Address zeek_ecat_registers.register_type=db:zeek_ecat_registers.register_type;kind:termfield;friendly:Register Information;help:Register Information zeek_ecat_registers.register_addr=db:zeek_ecat_registers.register_addr;kind:termfield;friendly:Register Address;help:Register Address zeek_ecat_registers.data=db:zeek_ecat_registers.data;kind:termfield;friendly:Data;help:Data # ecat_log_address.log # https://github.com/cisagov/ICSNPP zeek_ecat_log_address.log_addr=db:zeek_ecat_log_address.log_addr;kind:termfield;friendly:Data Address;help:Data Address zeek_ecat_log_address.length=db:zeek_ecat_log_address.length;kind:integer;friendly:Data Length;help:Data Length zeek_ecat_log_address.command=db:zeek_ecat_log_address.command;kind:termfield;friendly:Command;help:Command zeek_ecat_log_address.data=db:zeek_ecat_log_address.data;kind:termfield;friendly:Data;help:Data # ecat_dev_info.log # https://github.com/cisagov/ICSNPP zeek_ecat_dev_info.slave_id=db:zeek_ecat_dev_info.slave_id;kind:termfield;friendly:Slave Address;help:Slave Address zeek_ecat_dev_info.revision=db:zeek_ecat_dev_info.revision;kind:termfield;friendly:Revision;help:Revision zeek_ecat_dev_info.dev_type=db:zeek_ecat_dev_info.dev_type;kind:termfield;friendly:Device Type;help:Device Type zeek_ecat_dev_info.build=db:zeek_ecat_dev_info.build;kind:termfield;friendly:Build Version;help:Build Version 
zeek_ecat_dev_info.fmmucnt=db:zeek_ecat_dev_info.fmmucnt;kind:termfield;friendly:Fieldbus MMU Channels;help:Fieldbus MMU Channels zeek_ecat_dev_info.smcount=db:zeek_ecat_dev_info.smcount;kind:termfield;friendly:Sync Managers;help:Sync Managers zeek_ecat_dev_info.ports=db:zeek_ecat_dev_info.ports;kind:termfield;friendly:Port Descriptor;help:Port Descriptor zeek_ecat_dev_info.dpram=db:zeek_ecat_dev_info.dpram;kind:termfield;friendly:RAM Size;help:RAM Size zeek_ecat_dev_info.features=db:zeek_ecat_dev_info.features;kind:termfield;friendly:Features;help:Features # ecat_aoe_info.log # https://github.com/cisagov/ICSNPP zeek_ecat_aoe_info.resp_port=db:zeek_ecat_aoe_info.resp_port;kind:termfield;friendly:Target Port;help:Target Port zeek_ecat_aoe_info.orig_port=db:zeek_ecat_aoe_info.orig_port;kind:termfield;friendly:Sender Port;help:Sender Port zeek_ecat_aoe_info.command=db:zeek_ecat_aoe_info.command;kind:termfield;friendly:Command;help:Command zeek_ecat_aoe_info.state=db:zeek_ecat_aoe_info.state;kind:termfield;friendly:State Flags;help:State Flags zeek_ecat_aoe_info.data=db:zeek_ecat_aoe_info.data;kind:termfield;friendly:Data;help:Data # ecat_coe_info.log # https://github.com/cisagov/ICSNPP zeek_ecat_coe_info.number=db:zeek_ecat_coe_info.number;kind:termfield;friendly:Message Number;help:Message Number zeek_ecat_coe_info.type=db:zeek_ecat_coe_info.type;kind:termfield;friendly:Message Type;help:Message Type zeek_ecat_coe_info.req_resp=db:zeek_ecat_coe_info.req_resp;kind:termfield;friendly:Request or Response;help:Request or Response zeek_ecat_coe_info.index=db:zeek_ecat_coe_info.index;kind:termfield;friendly:Message Index;help:Message Index zeek_ecat_coe_info.subindex=db:zeek_ecat_coe_info.subindex;kind:termfield;friendly:Message Subindex;help:Message Subindex zeek_ecat_coe_info.dataoffset=db:zeek_ecat_coe_info.dataoffset;kind:termfield;friendly:Data Offset;help:Data Offset # ecat_foe_info.log # https://github.com/cisagov/ICSNPP 
zeek_ecat_foe_info.opcode=db:zeek_ecat_foe_info.opcode;kind:termfield;friendly:Operation;help:Operation zeek_ecat_foe_info.reserved=db:zeek_ecat_foe_info.reserved;kind:termfield;friendly:Reserved;help:Reserved zeek_ecat_foe_info.packet_num=db:zeek_ecat_foe_info.packet_num;kind:termfield;friendly:Packet Number;help:Packet Number zeek_ecat_foe_info.error_code=db:zeek_ecat_foe_info.error_code;kind:termfield;friendly:Error Code;help:Error Code zeek_ecat_foe_info.filename=db:zeek_ecat_foe_info.filename;kind:termfield;friendly:File Name;help:File Name zeek_ecat_foe_info.data=db:zeek_ecat_foe_info.data;kind:termfield;friendly:Data;help:Data # ecat_soe_info.log # https://github.com/cisagov/ICSNPP zeek_ecat_soe_info.opcode=db:zeek_ecat_soe_info.opcode;kind:termfield;friendly:Operation;help:Operation zeek_ecat_soe_info.incomplete=db:zeek_ecat_soe_info.incomplete;kind:termfield;friendly:Incomplete;help:Incomplete zeek_ecat_soe_info.error=db:zeek_ecat_soe_info.error;kind:termfield;friendly:Error Message;help:Error Message zeek_ecat_soe_info.drive_num=db:zeek_ecat_soe_info.drive_num;kind:termfield;friendly:Drive Number;help:Drive Number zeek_ecat_soe_info.element=db:zeek_ecat_soe_info.element;kind:termfield;friendly:Element Flags;help:Element Flags zeek_ecat_soe_info.index=db:zeek_ecat_soe_info.index;kind:termfield;friendly:Message Index;help:Message Index # ecat_arp_info.log # https://github.com/cisagov/ICSNPP zeek_ecat_arp_info.arp_type=db:zeek_ecat_arp_info.arp_type;kind:termfield;friendly:ARP Command;help:ARP Command zeek_ecat_arp_info.orig_proto_addr=db:zeek_ecat_arp_info.orig_proto_addr;kind:termfield;friendly:Originating host;help:Originating host zeek_ecat_arp_info.orig_hw_addr=db:zeek_ecat_arp_info.orig_hw_addr;kind:termfield;friendly:Originating MAC;help:Originating MAC zeek_ecat_arp_info.resp_proto_addr=db:zeek_ecat_arp_info.resp_proto_addr;kind:termfield;friendly:Responding host;help:Responding host 
zeek_ecat_arp_info.resp_hw_addr=db:zeek_ecat_arp_info.resp_hw_addr;kind:termfield;friendly:Responding MAC;help:Responding MAC # files.log # https://docs.zeek.org/en/stable/scripts/base/frameworks/files/main.zeek.html#type-Files::Info zeek_files.tx_hosts=db:zeek_files.tx_hosts;kind:termfield;friendly:Transmitter;help:Transmitter zeek_files.rx_hosts=db:zeek_files.rx_hosts;kind:termfield;friendly:Receiver;help:Receiver zeek_files.conn_uids=db:zeek_files.conn_uids;kind:termfield;friendly:Connection ID;help:Connection ID zeek_files.source=db:zeek_files.source;kind:termfield;friendly:Source;help:Source zeek_files.depth=db:zeek_files.depth;kind:integer;friendly:Source Depth;help:Source Depth zeek_files.analyzers=db:zeek_files.analyzers;kind:termfield;friendly:Analyzer;help:Analyzer zeek_files.mime_type=db:zeek_files.mime_type;kind:termfield;friendly:File Magic;help:File Magic zeek_files.filename=db:zeek_files.filename;kind:termfield;friendly:Filename;help:Filename zeek_files.duration=db:zeek_files.duration;kind:termfield;friendly:Analysis Duration;help:Analysis Duration zeek_files.local_orig=db:zeek_files.local_orig;kind:termfield;friendly:Local Originator;help:Local Originator zeek_files.is_orig=db:zeek_files.is_orig;kind:termfield;friendly:Originator is Transmitter;help:Originator is Transmitter zeek_files.seen_bytes=db:zeek_files.seen_bytes;kind:integer;friendly:Bytes Analyzed;help:Bytes Analyzed zeek_files.total_bytes=db:zeek_files.total_bytes;kind:integer;friendly:Total Bytes;help:Total Bytes zeek_files.missing_bytes=db:zeek_files.missing_bytes;kind:integer;friendly:Missed Bytes;help:Missed Bytes zeek_files.overflow_bytes=db:zeek_files.overflow_bytes;kind:integer;friendly:Overflow Bytes;help:Overflow Bytes zeek_files.timedout=db:zeek_files.timedout;kind:termfield;friendly:Analysis Timed Out;help:Analysis Timed Out zeek_files.parent_fuid=db:zeek_files.parent_fuid;kind:termfield;friendly:Parent File ID;help:Parent File ID 
zeek_files.md5=db:zeek_files.md5;kind:termfield;friendly:MD5 Digest;help:MD5 Digest zeek_files.sha1=db:zeek_files.sha1;kind:termfield;friendly:SHA1 Digest;help:SHA1 Digest zeek_files.sha256=db:zeek_files.sha256;kind:termfield;friendly:SHA256 Digest;help:SHA256 Digest zeek_files.extracted=db:zeek_files.extracted;kind:termfield;friendly:Extracted Filename;help:Extracted Filename zeek_files.extracted_cutoff=db:zeek_files.extracted_cutoff;kind:termfield;friendly:Truncated;help:Truncated zeek_files.extracted_size=db:zeek_files.extracted_size;kind:integer;friendly:Extracted Bytes;help:Extracted Bytes # ftp.log # https://docs.zeek.org/en/stable/scripts/base/protocols/ftp/info.zeek.html#type-FTP::Info zeek_ftp.command=db:zeek_ftp.command;kind:termfield;friendly:Command;help:Command zeek_ftp.arg=db:zeek_ftp.arg;kind:termfield;friendly:Argument;help:Argument zeek_ftp.mime_type=db:zeek_ftp.mime_type;kind:termfield;friendly:File Magic;help:File Magic zeek_ftp.file_size=db:zeek_ftp.file_size;kind:integer;friendly:File Size;help:File Size zeek_ftp.reply_code=db:zeek_ftp.reply_code;kind:integer;friendly:Reply Code;help:Reply Code zeek_ftp.reply_msg=db:zeek_ftp.reply_msg;kind:termfield;friendly:Reply;help:Reply zeek_ftp.data_channel_passive=db:zeek_ftp.data_channel_passive;kind:termfield;friendly:Passive;help:Passive zeek_ftp.data_channel_orig_h=db:zeek_ftp.data_channel_orig_h;kind:termfield;friendly:Data Originating Host;help:Data Originating Host zeek_ftp.data_channel_resp_h=db:zeek_ftp.data_channel_resp_h;kind:termfield;friendly:Data Responding Host;help:Data Responding Host zeek_ftp.data_channel_resp_p=db:zeek_ftp.data_channel_resp_p;kind:integer;friendly:Data Responding Port;help:Data Responding Port # gquic.log # https://github.com/salesforce/GQUIC_Protocol_Analyzer/blob/master/scripts/Salesforce/GQUIC/main.bro zeek_gquic.version=db:zeek_gquic.version;kind:termfield;friendly:QUIC version;help:gquic version 
zeek_gquic.server_name=db:zeek_gquic.server_name;kind:termfield;friendly:Server Name;help:gquic server_name zeek_gquic.user_agent=db:zeek_gquic.user_agent;kind:termfield;friendly:User Agent;help:gquic user_agent zeek_gquic.tag_count=db:zeek_gquic.tag_count;kind:integer;friendly:Tag Count;help:gquic tag_count zeek_gquic.cyu=db:zeek_gquic.cyu;kind:termfield;friendly:CYU Fingerprint;help:gquic cyu zeek_gquic.cyutags=db:zeek_gquic.cyutags;kind:termfield;friendly:CYU Fingerprint Digest;help:gquic cyutags # http.log # https://docs.zeek.org/en/stable/scripts/base/protocols/http/main.zeek.html#type-HTTP::Info zeek_http.trans_depth=db:zeek_http.trans_depth;kind:integer;friendly:Pipeline Depth;help:Pipeline Depth zeek_http.method=db:zeek_http.method;kind:termfield;friendly:Request Method;help:Request Method zeek_http.host=db:zeek_http.host;kind:termfield;friendly:Host Header;help:Host Header zeek_http.uri=db:zeek_http.uri;kind:termfield;friendly:URI;help:URI zeek_http.referrer=db:zeek_http.referrer;kind:termfield;friendly:Referrer Header;help:Referrer Header zeek_http.version=db:zeek_http.version;kind:termfield;friendly:Version;help:Version zeek_http.user_agent=db:zeek_http.user_agent;kind:termfield;friendly:User Agent;help:User Agent zeek_http.origin=db:zeek_http.origin;kind:termfield;friendly:Origin Header;help:Origin Header zeek_http.request_body_len=db:zeek_http.request_body_len;kind:integer;friendly:Request Body Length;help:Request Body Length zeek_http.response_body_len=db:zeek_http.response_body_len;kind:integer;friendly:Response Body Length;help:Response Body Length zeek_http.status_code=db:zeek_http.status_code;kind:integer;friendly:Status Code;help:Status Code zeek_http.status_msg=db:zeek_http.status_msg;kind:termfield;friendly:Status Message;help:Status Message zeek_http.info_code=db:zeek_http.info_code;kind:integer;friendly:Informational Code;help:Informational Code zeek_http.info_msg=db:zeek_http.info_msg;kind:termfield;friendly:Informational 
Message;help:Informational Message zeek_http.tags=db:zeek_http.tags;kind:termfield;friendly:HTTP Tag;help:HTTP Tag zeek_http.proxied=db:zeek_http.proxied;kind:termfield;friendly:Proxy Header;help:Proxy Header zeek_http.orig_fuids=db:zeek_http.orig_fuids;kind:termfield;friendly:Originating File ID;help:Originating File ID zeek_http.orig_filenames=db:zeek_http.orig_filenames;kind:termfield;friendly:Originating Filename;help:Originating Filename zeek_http.orig_mime_types=db:zeek_http.orig_mime_types;kind:termfield;friendly:Originating File Magic;help:Originating File Magic zeek_http.resp_fuids=db:zeek_http.resp_fuids;kind:termfield;friendly:Responding File ID;help:Responding File ID zeek_http.resp_filenames=db:zeek_http.resp_filenames;kind:termfield;friendly:Responding Filename;help:Responding Filename zeek_http.resp_mime_types=db:zeek_http.resp_mime_types;kind:termfield;friendly:Responding File Magic;help:Responding File Magic zeek_http.post_username=db:zeek_http.post_username;kind:termfield;friendly:POST User;help:POST User zeek_http.post_password_plain=db:zeek_http.post_password_plain;kind:termfield;friendly:POST Password;help:POST Password # intel.log # https://docs.zeek.org/en/stable/scripts/base/frameworks/intel/main.zeek.html#type-Intel::Info zeek_intel.indicator=db:zeek_intel.indicator;kind:termfield;friendly:Indicator;help:Indicator zeek_intel.indicator_type=db:zeek_intel.indicator_type;kind:termfield;friendly:Indicator Type;help:Indicator Type zeek_intel.seen_where=db:zeek_intel.seen_where;kind:termfield;friendly:Where Discovered;help:Where Discovered zeek_intel.seen_node=db:zeek_intel.seen_node;kind:termfield;friendly:Discovered Node;help:Discovered Node zeek_intel.matched=db:zeek_intel.matched;kind:termfield;friendly:Match Indicator;help:Match Indicator zeek_intel.sources=db:zeek_intel.sources;kind:termfield;friendly:Match Source;help:Match Source zeek_intel.file_mime_type=db:zeek_intel.file_mime_type;kind:termfield;friendly:File Magic;help:File Magic 
zeek_intel.file_description=db:zeek_intel.file_description;kind:termfield;friendly:File Description;help:File Description # ipsec.log # https://github.com/zeek/spicy-analyzers/blob/main/analyzer/protocol/ipsec/main.zeek zeek_ipsec.is_orig=db:zeek_ipsec.is_orig;kind:termfield;friendly:Is Originator;help:Is Originator zeek_ipsec.initiator_spi=db:zeek_ipsec.initiator_spi;kind:termfield;friendly:Initiator SPI;help:Initiator SPI zeek_ipsec.responder_spi=db:zeek_ipsec.responder_spi;kind:termfield;friendly:Responder SPI;help:Responder SPI zeek_ipsec.maj_ver=db:zeek_ipsec.maj_ver;kind:integer;friendly:Major Version;help:Major Version zeek_ipsec.min_ver=db:zeek_ipsec.min_ver;kind:integer;friendly:Minor Version;help:Minor Version zeek_ipsec.exchange_type=db:zeek_ipsec.exchange_type;kind:integer;friendly:Exchange Type;help:Exchange Type zeek_ipsec.flag_e=db:zeek_ipsec.flag_e;kind:termfield;friendly:Flag E;help:Flag E zeek_ipsec.flag_c=db:zeek_ipsec.flag_c;kind:termfield;friendly:Flag C;help:Flag C zeek_ipsec.flag_a=db:zeek_ipsec.flag_a;kind:termfield;friendly:Flag A;help:Flag A zeek_ipsec.flag_i=db:zeek_ipsec.flag_i;kind:termfield;friendly:Flag I;help:Flag I zeek_ipsec.flag_v=db:zeek_ipsec.flag_v;kind:termfield;friendly:Flag V;help:Flag V zeek_ipsec.flag_r=db:zeek_ipsec.flag_r;kind:termfield;friendly:Flag R;help:Flag R zeek_ipsec.flags=db:zeek_ipsec.flags;kind:termfield;friendly:Flags;help:Flags zeek_ipsec.message_id=db:zeek_ipsec.message_id;kind:termfield;friendly:Message ID;help:Message ID zeek_ipsec.vendor_ids=db:zeek_ipsec.vendor_ids;kind:termfield;friendly:Vendor ID;help:Vendor ID zeek_ipsec.notify_messages=db:zeek_ipsec.notify_messages;kind:termfield;friendly:Notify Message Type;help:Notify Message Type zeek_ipsec.transforms=db:zeek_ipsec.transforms;kind:termfield;friendly:Transform;help:Transform zeek_ipsec.ke_dh_groups=db:zeek_ipsec.ke_dh_groups;kind:integer;friendly:KE DH Group;help:KE DH Group 
zeek_ipsec.proposals=db:zeek_ipsec.proposals;kind:integer;friendly:Proposal;help:Proposal zeek_ipsec.certificates=db:zeek_ipsec.certificates;kind:termfield;friendly:Certificate Hash;help:Certificate Hash zeek_ipsec.transform_attributes=db:zeek_ipsec.transform_attributes;kind:termfield;friendly:Transform Attribute;help:Transform Attribute zeek_ipsec.length=db:zeek_ipsec.length;kind:integer;friendly:Message Length;help:Message Length zeek_ipsec.hash=db:zeek_ipsec.hash;kind:termfield;friendly:Transaction Hash;help:Transaction Hash # irc.log # https://docs.zeek.org/en/stable/scripts/base/protocols/irc/main.zeek.html#type-IRC::Info zeek_irc.nick=db:zeek_irc.nick;kind:termfield;friendly:Nickname;help:Nickname zeek_irc.command=db:zeek_irc.command;kind:termfield;friendly:Command;help:Command zeek_irc.value=db:zeek_irc.value;kind:termfield;friendly:Value;help:Value zeek_irc.addl=db:zeek_irc.addl;kind:termfield;friendly:Additional Data;help:Additional Data zeek_irc.dcc_file_name=db:zeek_irc.dcc_file_name;kind:termfield;friendly:DCC Filename;help:DCC Filename zeek_irc.dcc_file_size=db:zeek_irc.dcc_file_size;kind:integer;friendly:DCC File Size;help:DCC File Size zeek_irc.dcc_mime_type=db:zeek_irc.dcc_mime_type;kind:termfield;friendly:DCC File Magic;help:DCC File Magic # iso_cotp.log # https://github.com/amzn/zeek-plugin-s7comm/blob/master/scripts/main.zeek zeek_iso_cotp.pdu_type=db:zeek_iso_cotp.pdu_type;kind:termfield;friendly:PDU Type;help:PDU Type # kerberos.log # https://docs.zeek.org/en/stable/scripts/base/protocols/krb/main.zeek.html#type-KRB::Info zeek_kerberos.cname=db:zeek_kerberos.cname;kind:termfield;friendly:Client;help:Client zeek_kerberos.sname=db:zeek_kerberos.sname;kind:termfield;friendly:Service;help:Service zeek_kerberos.success=db:zeek_kerberos.success;kind:termfield;friendly:Success;help:Success zeek_kerberos.error_msg=db:zeek_kerberos.error_msg;kind:termfield;friendly:Error Message;help:Error Message 
zeek_kerberos.from=db:zeek_kerberos.from;kind:termfield;friendly:Ticket Valid From;help:Ticket Valid From zeek_kerberos.till=db:zeek_kerberos.till;kind:termfield;friendly:Ticket Valid Till;help:Ticket Valid Till zeek_kerberos.cipher=db:zeek_kerberos.cipher;kind:termfield;friendly:Encryption Type;help:Encryption Type zeek_kerberos.forwardable=db:zeek_kerberos.forwardable;kind:termfield;friendly:Forwardable;help:Forwardable zeek_kerberos.renewable=db:zeek_kerberos.renewable;kind:termfield;friendly:Renewable;help:Renewable zeek_kerberos.request_type=db:zeek_kerberos.request_type;kind:termfield;friendly:Request Type;help:Request Type zeek_kerberos.client_cert_subject=db:zeek_kerberos.client_cert_subject;kind:termfield;friendly:Client Certificate Subject;help:Client Certificate Subject zeek_kerberos.client_cert_fuid=db:zeek_kerberos.client_cert_fuid;kind:termfield;friendly:Client Certificate File ID;help:Client Certificate File ID zeek_kerberos.server_cert_subject=db:zeek_kerberos.server_cert_subject;kind:termfield;friendly:Server Certificate Subject;help:Server Certificate Subject zeek_kerberos.server_cert_fuid=db:zeek_kerberos.server_cert_fuid;kind:termfield;friendly:Server Certificate File ID;help:Server Certificate File ID # known_certs.log # https://docs.zeek.org/en/stable/scripts/policy/protocols/ssl/known-certs.zeek.html#type-Known::CertsInfo zeek_known_certs.subject=db:zeek_known_certs.subject;kind:termfield;friendly:Certificate Subject;help:Certificate Subject zeek_known_certs.issuer_subject=db:zeek_known_certs.issuer_subject;kind:termfield;friendly:Issuer Subject;help:Issuer Subject zeek_known_certs.serial=db:zeek_known_certs.serial;kind:termfield;friendly:Serial Number;help:Serial Number # known_modbus.log # https://docs.zeek.org/en/stable/scripts/policy/protocols/modbus/known-masters-slaves.zeek.html#type-Known::ModbusInfo zeek_known_modbus.device_type=db:zeek_known_modbus.device_type;kind:termfield;friendly:Role;help:Role # ldap.log # 
https://github.com/mmguero-dev/spicy-analyzers/blob/main/analyzer/protocol/ldap/ldap.zeek zeek_ldap.message_id=db:zeek_ldap.message_id;kind:termfield;friendly:Message ID;help:Message ID zeek_ldap.version=db:zeek_ldap.version;kind:integer;friendly:LDAP Version;help:LDAP Version zeek_ldap.operation=db:zeek_ldap.operation;kind:termfield;friendly:Operation;help:Operation zeek_ldap.result_code=db:zeek_ldap.result_code;kind:termfield;friendly:Result Code;help:Result Code zeek_ldap.result_message=db:zeek_ldap.result_message;kind:termfield;friendly:Diagnostic Message;help:Diagnostic Message zeek_ldap.object=db:zeek_ldap.object;kind:termfield;friendly:Object;help:Object zeek_ldap.argument=db:zeek_ldap.argument;kind:termfield;friendly:Arguments;help:Arguments # ldap_search.log # https://github.com/mmguero-dev/spicy-analyzers/blob/main/analyzer/protocol/ldap/ldap.zeek zeek_ldap_search.message_id=db:zeek_ldap_search.message_id;kind:termfield;friendly:Message ID;help:Message ID zeek_ldap_search.scope=db:zeek_ldap_search.scope;kind:termfield;friendly:Scope;help:Scope zeek_ldap_search.deref=db:zeek_ldap_search.deref;kind:termfield;friendly:Dereference Alias;help:Dereference Alias zeek_ldap_search.base_object=db:zeek_ldap_search.base_object;kind:termfield;friendly:Base Object;help:Base Object zeek_ldap_search.result_count=db:zeek_ldap_search.result_count;kind:integer;friendly:Result Count;help:Result Count zeek_ldap_search.result_code=db:zeek_ldap_search.result_code;kind:termfield;friendly:Result Code;help:Result Code zeek_ldap_search.result_message=db:zeek_ldap_search.result_message;kind:termfield;friendly:Diagnostic Message;help:Diagnostic Message # login.log - custom login.log module (rudimentary, login/rlogin/rsh analyzers are old and not the greatest) zeek_login.success=db:zeek_login.success;kind:termfield;friendly:Successful Login;help:Successful Login zeek_login.confused=db:zeek_login.confused;kind:termfield;friendly:Analyzer Confused;help:Analyzer Confused 
zeek_login.client_user=db:zeek_login.client_user;kind:termfield;friendly:Client User;help:Client User # modbus.log # https://docs.zeek.org/en/stable/scripts/base/protocols/modbus/main.zeek.html#type-Modbus::Info zeek_modbus.func=db:zeek_modbus.func;kind:termfield;friendly:Function;help:Function zeek_modbus.exception=db:zeek_modbus.exception;kind:termfield;friendly:Exception;help:Exception # modbus_detailed.log # https://github.com/cisagov/ICSNPP zeek_modbus_detailed.unit_id=db:modbus_detailed.unit_id;kind:integer;friendly:Unit/Slave ID;help:Unit/Slave ID zeek_modbus_detailed.func=db:modbus_detailed.func;kind:termfield;friendly:Modbus Function Code;help:Modbus Function Code zeek_modbus_detailed.network_direction=db:modbus_detailed.network_direction;kind:termfield;friendly:Request or Response;help:Request or Response zeek_modbus_detailed.address=db:modbus_detailed.address;kind:integer;friendly:Starting Memory Address;help:Starting Memory Address zeek_modbus_detailed.quantity=db:modbus_detailed.quantity;kind:integer;friendly:Number of Values;help:Number of Values zeek_modbus_detailed.values=db:modbus_detailed.values;kind:termfield;friendly:Values;help:Values # modbus_mask_write_register.log # https://github.com/cisagov/ICSNPP zeek_modbus_mask_write_register.unit_id=db:modbus_mask_write_register.unit_id;kind:integer;friendly:Unit/Slave ID;help:Unit/Slave ID zeek_modbus_mask_write_register.func=db:modbus_mask_write_register.func;kind:termfield;friendly:Modbus Function Code;help:Modbus Function Code zeek_modbus_mask_write_register.network_direction=db:modbus_mask_write_register.network_direction;kind:termfield;friendly:Request or Response;help:Request or Response zeek_modbus_mask_write_register.address=db:modbus_mask_write_register.address;kind:integer;friendly:Starting Memory Address;help:Starting Memory Address zeek_modbus_mask_write_register.and_mask=db:modbus_mask_write_register.and_mask;kind:integer;friendly:Boolean AND mask to apply to target register;help:Boolean 
AND mask to apply to target register zeek_modbus_mask_write_register.or_mask=db:modbus_mask_write_register.or_mask;kind:integer;friendly:Boolean OR mask to apply to target register;help:Boolean OR mask to apply to target register # modbus_read_write_multiple_registers.log # https://github.com/cisagov/ICSNPP zeek_modbus_read_write_multiple_registers.unit_id=db:modbus_read_write_multiple_registers.unit_id;kind:integer;friendly:Unit/Slave ID;help:Unit/Slave ID zeek_modbus_read_write_multiple_registers.func=db:modbus_read_write_multiple_registers.func;kind:termfield;friendly:Modbus Function Code;help:Modbus Function Code zeek_modbus_read_write_multiple_registers.network_direction=db:modbus_read_write_multiple_registers.network_direction;kind:termfield;friendly:Request or Response;help:Request or Response zeek_modbus_read_write_multiple_registers.write_start_address=db:modbus_read_write_multiple_registers.write_start_address;kind:integer;friendly:Starting address of the registers to write to;help:Starting address of the registers to write to zeek_modbus_read_write_multiple_registers.write_registers=db:modbus_read_write_multiple_registers.write_registers;kind:termfield;friendly:Register values written;help:Register values written zeek_modbus_read_write_multiple_registers.read_start_address=db:modbus_read_write_multiple_registers.read_start_address;kind:integer;friendly:Starting address of the registers to read;help:Starting address of the registers to read zeek_modbus_read_write_multiple_registers.read_quantity=db:modbus_read_write_multiple_registers.read_quantity;kind:integer;friendly:Number of registers to read;help:Number of registers to read zeek_modbus_read_write_multiple_registers.read_registers=db:modbus_read_write_multiple_registers.read_registers;kind:termfield;friendly:Register values read;help:Register values read # modbus_register_change.log # https://docs.zeek.org/en/stable/scripts/policy/protocols/modbus/track-memmap.zeek.html#type-Modbus::MemmapInfo 
zeek_modbus_register_change.register=db:zeek_modbus_register_change.register;kind:integer;friendly:Register;help:Register zeek_modbus_register_change.old_val=db:zeek_modbus_register_change.old_val;kind:integer;friendly:Old Value;help:Old Value zeek_modbus_register_change.new_val=db:zeek_modbus_register_change.new_val;kind:integer;friendly:New Value;help:New Value zeek_modbus_register_change.delta=db:zeek_modbus_register_change.delta;kind:termfield;friendly:Change Interval;help:Change Interval # mqtt_connect.log # https://docs.zeek.org/en/stable/scripts/policy/protocols/mqtt/main.zeek.html#type-MQTT::ConnectInfo zeek_mqtt_connect.proto_name=db:zeek_mqtt_connect.proto_name;kind:termfield;friendly:MQTT Protocol;help:MQTT Protocol zeek_mqtt_connect.proto_version=db:zeek_mqtt_connect.proto_version;kind:termfield;friendly:Protocol Version;help:Protocol Version zeek_mqtt_connect.client_id=db:zeek_mqtt_connect.client_id;kind:termfield;friendly:Client ID;help:Client ID zeek_mqtt_connect.connect_status=db:zeek_mqtt_connect.connect_status;kind:termfield;friendly:Connect Status;help:Connect Status zeek_mqtt_connect.will_topic=db:zeek_mqtt_connect.will_topic;kind:termfield;friendly:LWT Topic;help:Last Will and Testament Topic zeek_mqtt_connect.will_payload=db:zeek_mqtt_connect.will_payload;kind:termfield;friendly:LWT Payload;help:Last Will and Testament Payload # mqtt_publish.log # https://docs.zeek.org/en/stable/scripts/policy/protocols/mqtt/main.zeek.html#type-MQTT::PublishInfo zeek_mqtt_publish.from_client=db:zeek_mqtt_publish.from_client;kind:termfield;friendly:From Client;help:From Client zeek_mqtt_publish.retain=db:zeek_mqtt_publish.retain;kind:termfield;friendly:Retain Flag;help:Retain Flag zeek_mqtt_publish.qos=db:zeek_mqtt_publish.qos;kind:termfield;friendly:QoS Level;help:QoS Level zeek_mqtt_publish.status=db:zeek_mqtt_publish.status;kind:termfield;friendly:Message Status;help:Message Status 
zeek_mqtt_publish.topic=db:zeek_mqtt_publish.topic;kind:termfield;friendly:Topic;help:Topic zeek_mqtt_publish.payload=db:zeek_mqtt_publish.payload;kind:termfield;friendly:Payload;help:Payload zeek_mqtt_publish.payload_len=db:zeek_mqtt_publish.payload_len;kind:integer;friendly:Payload Length;help:Payload Length # mqtt_subscribe.log # https://docs.zeek.org/en/stable/scripts/policy/protocols/mqtt/main.zeek.html#type-MQTT::SubscribeInfo zeek_mqtt_subscribe.action=db:zeek_mqtt_subscribe.action;kind:termfield;friendly:Action;help:Action zeek_mqtt_subscribe.topics=db:zeek_mqtt_subscribe.topics;kind:termfield;friendly:Topic;help:Topic zeek_mqtt_subscribe.qos_levels=db:zeek_mqtt_subscribe.qos_levels;kind:integer;friendly:QoS Level Requested;help:QoS Level Requested zeek_mqtt_subscribe.granted_qos_level=db:zeek_mqtt_subscribe.granted_qos_level;kind:integer;friendly:QoS Level Granted;help:QoS Level Granted zeek_mqtt_subscribe.ack=db:zeek_mqtt_subscribe.ack;kind:termfield;friendly:ACKed;help:ACKed # mysql.log # https://docs.zeek.org/en/stable/scripts/base/protocols/mysql/main.zeek.html#type-MySQL::Info zeek_mysql.cmd=db:zeek_mysql.cmd;kind:termfield;friendly:Command;help:Command zeek_mysql.arg=db:zeek_mysql.arg;kind:termfield;friendly:Argument;help:Argument zeek_mysql.success=db:zeek_mysql.success;kind:termfield;friendly:Success;help:Success zeek_mysql.rows=db:zeek_mysql.rows;kind:integer;friendly:Rows Affected;help:Rows Affected zeek_mysql.response=db:zeek_mysql.response;kind:termfield;friendly:Response;help:Response # notice.log # https://docs.zeek.org/en/stable/scripts/base/frameworks/notice/main.zeek.html#type-Notice::Info zeek_notice.file_mime_type=db:zeek_notice.file_mime_type;kind:termfield;friendly:File Magic;help:File Magic zeek_notice.file_desc=db:zeek_notice.file_desc;kind:termfield;friendly:File Description;help:File Description zeek_notice.note=db:zeek_notice.note;kind:termfield;friendly:Notice Type;help:Notice Type 
zeek_notice.category=db:zeek_notice.category;kind:termfield;friendly:Category;help:Category zeek_notice.sub_category=db:zeek_notice.sub_category;kind:termfield;friendly:Subcategory;help:Subcategory zeek_notice.msg=db:zeek_notice.msg;kind:termfield;friendly:Message;help:Message zeek_notice.sub=db:zeek_notice.sub;kind:termfield;friendly:Submessage;help:Submessage zeek_notice.src=db:zeek_notice.src;kind:termfield;friendly:Notice Source;help:Notice Source zeek_notice.dst=db:zeek_notice.dst;kind:termfield;friendly:Notice Destination;help:Notice Destination zeek_notice.p=db:zeek_notice.p;kind:integer;friendly:Notice Port;help:Notice Port zeek_notice.n=db:zeek_notice.n;kind:integer;friendly:Notice Count or Code;help:Notice Count or Code zeek_notice.peer_descr=db:zeek_notice.peer_descr;kind:termfield;friendly:Remote Peer;help:Remote Peer zeek_notice.actions=db:zeek_notice.actions;kind:termfield;friendly:Action;help:Action zeek_notice.suppress_for=db:zeek_notice.suppress_for;kind:termfield;friendly:Suppress Interval;help:Suppress Interval zeek_notice.dropped=db:zeek_notice.dropped;kind:termfield;friendly:Dropped;help:Dropped zeek_notice.remote_location_country_code=db:zeek_notice.remote_location_country_code;kind:termfield;friendly:Notice Country Code;help:Notice Country Code zeek_notice.remote_location_region=db:zeek_notice.remote_location_region;kind:termfield;friendly:Notice Region;help:Notice Region zeek_notice.remote_location_city=db:zeek_notice.remote_location_city;kind:termfield;friendly:Notice City;help:Notice City zeek_notice.remote_location_latitude=db:zeek_notice.remote_location_latitude;kind:termfield;friendly:Notice Latitude;help:Notice Latitude zeek_notice.remote_location_longitude=db:zeek_notice.remote_location_longitude;kind:termfield;friendly:Notice Longitude;help:Notice Longitude # ntlm.log # https://docs.zeek.org/en/stable/scripts/base/protocols/ntlm/main.zeek.html#type-NTLM::Info zeek_ntlm.host=db:zeek_ntlm.host;kind:termfield;friendly:Client 
Hostname;help:Client Hostname zeek_ntlm.domain=db:zeek_ntlm.domain;kind:termfield;friendly:Client Domain Name;help:Client Domain Name zeek_ntlm.success=db:zeek_ntlm.success;kind:termfield;friendly:Authentication Success;help:Authentication Success zeek_ntlm.status=db:zeek_ntlm.status;kind:termfield;friendly:Status;help:Status zeek_ntlm.server_nb_computer=db:zeek_ntlm.server_nb_computer;kind:termfield;friendly:Server CHALLENGE NetBIOS;help:Server CHALLENGE NetBIOS zeek_ntlm.server_dns_computer=db:zeek_ntlm.server_dns_computer;kind:termfield;friendly:Server CHALLENGE DNS;help:Server CHALLENGE DNS zeek_ntlm.server_tree=db:zeek_ntlm.server_tree;kind:termfield;friendly:Server CHALLENGE Tree;help:Server CHALLENGE Tree # ntp.log # https://docs.zeek.org/en/latest/scripts/base/protocols/ntp/main.zeek.html#type-NTP::Info zeek_ntp.version=db:zeek_ntp.version;kind:integer;friendly:NTP Version;help:NTP Version zeek_ntp.mode=db:zeek_ntp.mode;kind:termfield;friendly:NTP Mode Code;help:NTP Mode Code zeek_ntp.mode_str=db:zeek_ntp.mode_str;kind:termfield;friendly:NTP Mode;help:NTP Mode zeek_ntp.stratum=db:zeek_ntp.stratum;kind:termfield;friendly:Stratum;help:Stratum zeek_ntp.poll=db:zeek_ntp.poll;kind:termfield;friendly:Poll Interval;help:Poll Interval zeek_ntp.precision=db:zeek_ntp.precision;kind:termfield;friendly:Clock Precision;help:Clock Precision zeek_ntp.root_delay=db:zeek_ntp.root_delay;kind:termfield;friendly:Synchronizing Distance;help:Synchronizing Distance zeek_ntp.root_disp=db:zeek_ntp.root_disp;kind:termfield;friendly:Estimated Drift Rate;help:Estimated Drift Rate zeek_ntp.ref_id=db:zeek_ntp.ref_id;kind:termfield;friendly:Reference Clock Identifier;help:Reference Clock Identifier zeek_ntp.ref_time=db:zeek_ntp.ref_time;kind:termfield;friendly:Reference Timestamp;help:Reference Timestamp zeek_ntp.org_time=db:zeek_ntp.org_time;kind:termfield;friendly:Originate Timestamp;help:Originate Timestamp zeek_ntp.rec_time=db:zeek_ntp.rec_time;kind:termfield;friendly:Receive 
Timestamp;help:Receive Timestamp zeek_ntp.xmt_time=db:zeek_ntp.xmt_time;kind:termfield;friendly:Transmit Timestamp;help:Transmit Timestamp zeek_ntp.num_exts=db:zeek_ntp.num_exts;kind:integer;friendly:Extension Fields;help:Extension Fields # pe.log # https://docs.zeek.org/en/stable/scripts/base/files/pe/main.zeek.html#type-PE::Info zeek_pe.machine=db:zeek_pe.machine;kind:termfield;friendly:Target Machine;help:Target Machine zeek_pe.compile_ts=db:zeek_pe.compile_ts;kind:termfield;friendly:Compile Timestamp;help:Compile Timestamp zeek_pe.os=db:zeek_pe.os;kind:termfield;friendly:Target OS;help:Target Operating System zeek_pe.subsystem=db:zeek_pe.subsystem;kind:termfield;friendly:Target Subsystem;help:Target Subsystem zeek_pe.is_exe=db:zeek_pe.is_exe;kind:termfield;friendly:Executable;help:Is an executable (vs. an object file) zeek_pe.is_64bit=db:zeek_pe.is_64bit;kind:termfield;friendly:64 Bit;help:Is a 64-bit object zeek_pe.uses_aslr=db:zeek_pe.uses_aslr;kind:termfield;friendly:Uses ASLR;help:Uses Address Space Layout Randomization zeek_pe.uses_dep=db:zeek_pe.uses_dep;kind:termfield;friendly:Uses DEP;help:Uses Data Execution Prevention zeek_pe.uses_code_integrity=db:zeek_pe.uses_code_integrity;kind:termfield;friendly:Enforces Integrity Checks;help:Enforces Code Integrity Checks zeek_pe.uses_seh=db:zeek_pe.uses_seh;kind:termfield;friendly:Uses SEH;help:Uses Structured Exception Handling zeek_pe.has_import_table=db:zeek_pe.has_import_table;kind:termfield;friendly:Has Import Table;help:Has Import Table zeek_pe.has_export_table=db:zeek_pe.has_export_table;kind:termfield;friendly:Has Export Table;help:Has Export Table zeek_pe.has_cert_table=db:zeek_pe.has_cert_table;kind:termfield;friendly:Has Certificate Table;help:Has Attribute Certificate Table zeek_pe.has_debug_data=db:zeek_pe.has_debug_data;kind:termfield;friendly:Has Debug Table;help:Has Debug Table zeek_pe.section_names=db:zeek_pe.section_names;kind:termfield;friendly:Sections;help:Sections # profinet.log # 
https://github.com/amzn/zeek-plugin-profinet/blob/master/scripts/main.zeek zeek_profinet.operation_type=db:zeek_profinet.operation_type;kind:termfield;friendly:Operation;help:Operation zeek_profinet.block_version=db:zeek_profinet.block_version;kind:termfield;friendly:Block Version;help:Block Version zeek_profinet.slot_number=db:zeek_profinet.slot_number;kind:integer;friendly:Slot;help:Slot zeek_profinet.subslot_number=db:zeek_profinet.subslot_number;kind:integer;friendly:Subslot;help:Subslot zeek_profinet.index=db:zeek_profinet.index;kind:termfield;friendly:Index;help:Index # profinet_dce_rpc.log # https://github.com/amzn/zeek-plugin-profinet/blob/master/scripts/main.zeek zeek_profinet_dce_rpc.version=db:zeek_profinet_dce_rpc.version;kind:integer;friendly:Version;help:Version zeek_profinet_dce_rpc.packet_type=db:zeek_profinet_dce_rpc.packet_type;kind:termfield;friendly:Packet Type;help:Packet Type zeek_profinet_dce_rpc.object_uuid=db:zeek_profinet_dce_rpc.object_uuid;kind:termfield;friendly:Object UUID;help:Object UUID zeek_profinet_dce_rpc.interface_uuid=db:zeek_profinet_dce_rpc.interface_uuid;kind:termfield;friendly:Interface UUID;help:Interface UUID zeek_profinet_dce_rpc.activity_uuid=db:zeek_profinet_dce_rpc.activity_uuid;kind:termfield;friendly:Activity UUID;help:Activity UUID zeek_profinet_dce_rpc.server_boot_time=db:zeek_profinet_dce_rpc.server_boot_time;kind:integer;friendly:Server Boot Time;help:Server Boot Time zeek_profinet_dce_rpc.operation=db:zeek_profinet_dce_rpc.operation;kind:termfield;friendly:Operation;help:Operation # radius.log # https://docs.zeek.org/en/stable/scripts/base/protocols/radius/main.zeek.html#type-RADIUS::Info zeek_radius.mac=db:zeek_radius.mac;kind:termfield;friendly:MAC Address;help:MAC Address zeek_radius.framed_addr=db:zeek_radius.framed_addr;kind:termfield;friendly:Framed Address;help:Framed Address zeek_radius.tunnel_client=db:zeek_radius.tunnel_client;kind:termfield;friendly:Initiator Address;help:Initiator Address 
zeek_radius.connect_info=db:zeek_radius.connect_info;kind:termfield;friendly:Connect Info;help:Connect Info zeek_radius.reply_msg=db:zeek_radius.reply_msg;kind:termfield;friendly:Reply Message;help:Reply Message zeek_radius.result=db:zeek_radius.result;kind:termfield;friendly:Result;help:Result zeek_radius.ttl=db:zeek_radius.ttl;kind:termfield;friendly:TTL;help:TTL # rdp.log # https://docs.zeek.org/en/stable/scripts/base/protocols/rdp/main.zeek.html#type-RDP::Info zeek_rdp.cookie=db:zeek_rdp.cookie;kind:termfield;friendly:Cookie;help:Cookie zeek_rdp.result=db:zeek_rdp.result;kind:termfield;friendly:Connection Result;help:Connection Result zeek_rdp.security_protocol=db:zeek_rdp.security_protocol;kind:termfield;friendly:Security Protocol;help:Security Protocol zeek_rdp.client_channels=db:zeek_rdp.client_channels;kind:termfield;friendly:Channel;help:Channel zeek_rdp.keyboard_layout=db:zeek_rdp.keyboard_layout;kind:termfield;friendly:Keyboard Layout;help:Keyboard Layout zeek_rdp.client_build=db:zeek_rdp.client_build;kind:termfield;friendly:Client Version;help:Client Version zeek_rdp.client_name=db:zeek_rdp.client_name;kind:termfield;friendly:Client Name;help:Client Name zeek_rdp.client_dig_product_id=db:zeek_rdp.client_dig_product_id;kind:termfield;friendly:Client Product ID;help:Client Product ID zeek_rdp.desktop_width=db:zeek_rdp.desktop_width;kind:integer;friendly:Desktop Width;help:Desktop Width zeek_rdp.desktop_height=db:zeek_rdp.desktop_height;kind:integer;friendly:Desktop Height;help:Desktop Height zeek_rdp.requested_color_depth=db:zeek_rdp.requested_color_depth;kind:termfield;friendly:Color Depth;help:Color Depth zeek_rdp.cert_type=db:zeek_rdp.cert_type;kind:termfield;friendly:Certificate Type;help:Certificate Type zeek_rdp.cert_count=db:zeek_rdp.cert_count;kind:integer;friendly:Certificate Count;help:Certificate Count zeek_rdp.cert_permanent=db:zeek_rdp.cert_permanent;kind:termfield;friendly:Certificate is Permanent;help:Certificate is Permanent 
zeek_rdp.encryption_level=db:zeek_rdp.encryption_level;kind:termfield;friendly:Encryption Level;help:Encryption Level zeek_rdp.encryption_method=db:zeek_rdp.encryption_method;kind:termfield;friendly:Encryption Method;help:Encryption Method # rfb.log # https://docs.zeek.org/en/stable/scripts/base/protocols/rfb/main.zeek.html#type-RFB::Info zeek_rfb.client_major_version=db:zeek_rfb.client_major_version;kind:termfield;friendly:Client Major Version;help:Client Major Version zeek_rfb.client_minor_version=db:zeek_rfb.client_minor_version;kind:termfield;friendly:Client Minor Version;help:Client Minor Version zeek_rfb.server_major_version=db:zeek_rfb.server_major_version;kind:termfield;friendly:Server Major Version;help:Server Major Version zeek_rfb.server_minor_version=db:zeek_rfb.server_minor_version;kind:termfield;friendly:Server Minor Version;help:Server Minor Version zeek_rfb.authentication_method=db:zeek_rfb.authentication_method;kind:termfield;friendly:Authentication Method;help:Authentication Method zeek_rfb.auth=db:zeek_rfb.auth;kind:termfield;friendly:Authentication Success;help:Authentication Success zeek_rfb.share_flag=db:zeek_rfb.share_flag;kind:termfield;friendly:Shared Session;help:Shared Session zeek_rfb.desktop_name=db:zeek_rfb.desktop_name;kind:termfield;friendly:Desktop Name;help:Desktop Name zeek_rfb.width=db:zeek_rfb.width;kind:integer;friendly:Desktop Width;help:Desktop Width zeek_rfb.height=db:zeek_rfb.height;kind:integer;friendly:Desktop Height;help:Desktop Height # s7comm.log # https://github.com/amzn/zeek-plugin-s7comm/blob/master/scripts/main.zeek zeek_s7comm.rosctr=db:zeek_s7comm.rosctr;kind:termfield;friendly:Message Type;help:Message Type zeek_s7comm.parameter=db:zeek_s7comm.parameter;kind:termfield;friendly:Parameters;help:Parameters zeek_s7comm.parameters.class=db:zeek_s7comm.parameters.class;kind:termfield;friendly:Class;help:Class zeek_s7comm.parameters.code=db:zeek_s7comm.parameters.code;kind:termfield;friendly:Code;help:Code 
zeek_s7comm.parameters.group=db:zeek_s7comm.parameters.group;kind:termfield;friendly:Group;help:Group zeek_s7comm.parameters.mode=db:zeek_s7comm.parameters.mode;kind:termfield;friendly:Mode;help:Mode zeek_s7comm.parameters.sub=db:zeek_s7comm.parameters.sub;kind:termfield;friendly:Sub;help:Sub zeek_s7comm.parameters.type=db:zeek_s7comm.parameters.type;kind:termfield;friendly:Type;help:Type zeek_s7comm.item_count=db:zeek_s7comm.item_count;kind:integer;friendly:Data Entries;help:Total number of data entries zeek_s7comm.data_info=db:zeek_s7comm.data_info;kind:termfield;friendly:Data Entry;help:Data of first entry # signatures.log zeek_signatures.note=db:zeek_signatures.note;kind:termfield;friendly:Note;help:Note zeek_signatures.signature_id=db:zeek_signatures.signature_id;kind:termfield;friendly:Signature ID;help:Signature ID zeek_signatures.event_message=db:zeek_signatures.event_message;kind:termfield;friendly:Message;help:Message zeek_signatures.sub_message=db:zeek_signatures.sub_message;kind:termfield;friendly:Submessage;help:Submessage zeek_signatures.signature_count=db:zeek_signatures.signature_count;kind:integer;friendly:Signatures Matched;help:Signatures Matched zeek_signatures.host_count=db:zeek_signatures.host_count;kind:integer;friendly:Host or Engine Count;help:Host or Engine Count zeek_signatures.engine=db:zeek_signatures.engine;kind:termfield;friendly:Scan Engines;help:Scan Engines zeek_signatures.hits=db:zeek_signatures.hits;kind:termfield;friendly:Hits;help:Hits # sip.log # https://docs.zeek.org/en/stable/scripts/base/protocols/sip/main.zeek.html#type-SIP::Info zeek_sip.trans_depth=db:zeek_sip.trans_depth;kind:integer;friendly:Pipeline Depth;help:Pipeline Depth zeek_sip.method=db:zeek_sip.method;kind:termfield;friendly:Request Method;help:Request Method zeek_sip.uri=db:zeek_sip.uri;kind:termfield;friendly:URI;help:URI zeek_sip.date=db:zeek_sip.date;kind:termfield;friendly:Request Date Header;help:Request Date Header 
zeek_sip.request_from=db:zeek_sip.request_from;kind:termfield;friendly:Request From Header;help:Request From Header zeek_sip.request_to=db:zeek_sip.request_to;kind:termfield;friendly:Request To Header;help:Request To Header zeek_sip.response_from=db:zeek_sip.response_from;kind:termfield;friendly:Response From Header;help:Response From Header zeek_sip.response_to=db:zeek_sip.response_to;kind:termfield;friendly:Response To Header;help:Response To Header zeek_sip.reply_to=db:zeek_sip.reply_to;kind:termfield;friendly:Reply-To Header;help:Reply-To Header zeek_sip.call_id=db:zeek_sip.call_id;kind:termfield;friendly:Client Call-ID Header;help:Client Call-ID Header zeek_sip.seq=db:zeek_sip.seq;kind:termfield;friendly:Client CSeq Header;help:Client CSeq Header zeek_sip.subject=db:zeek_sip.subject;kind:termfield;friendly:Client Subject Header;help:Client Subject Header zeek_sip.request_path=db:zeek_sip.request_path;kind:termfield;friendly:Request Path;help:Request Path zeek_sip.response_path=db:zeek_sip.response_path;kind:termfield;friendly:Response Path;help:Response Path zeek_sip.user_agent=db:zeek_sip.user_agent;kind:termfield;friendly:User Agent;help:User Agent zeek_sip.status_code=db:zeek_sip.status_code;kind:termfield;friendly:Status Code;help:Status Code zeek_sip.status_msg=db:zeek_sip.status_msg;kind:termfield;friendly:Status Message;help:Status Message zeek_sip.warning=db:zeek_sip.warning;kind:termfield;friendly:Warning Header;help:Warning Header zeek_sip.request_body_len=db:zeek_sip.request_body_len;kind:integer;friendly:Request Body Length;help:Request Body Length zeek_sip.response_body_len=db:zeek_sip.response_body_len;kind:integer;friendly:Response Body Length;help:Response Body Length zeek_sip.content_type=db:zeek_sip.content_type;kind:termfield;friendly:Content Type Header;help:Content Type Header zeek_sip.version=db:zeek_sip.version;kind:termfield;friendly:Version;help:Version # smb_cmd.log # 
https://docs.zeek.org/en/stable/scripts/base/protocols/smb/main.zeek.html#type-SMB::CmdInfo zeek_smb_cmd.command=db:zeek_smb_cmd.command;kind:termfield;friendly:Command;help:Command zeek_smb_cmd.sub_command=db:zeek_smb_cmd.sub_command;kind:termfield;friendly:Subcommand;help:Subcommand zeek_smb_cmd.argument=db:zeek_smb_cmd.argument;kind:termfield;friendly:Argument;help:Argument zeek_smb_cmd.status=db:zeek_smb_cmd.status;kind:termfield;friendly:Status;help:Status zeek_smb_cmd.rtt=db:zeek_smb_cmd.rtt;kind:termfield;friendly:Round Trip Time;help:Round Trip Time zeek_smb_cmd.version=db:zeek_smb_cmd.version;kind:termfield;friendly:Version;help:Version zeek_smb_cmd.tree=db:zeek_smb_cmd.tree;kind:termfield;friendly:Tree;help:Tree zeek_smb_cmd.tree_service=db:zeek_smb_cmd.tree_service;kind:termfield;friendly:Tree Service;help:Tree Service # smb_files.log # https://docs.zeek.org/en/stable/scripts/base/protocols/smb/main.zeek.html#type-SMB::FileInfo zeek_smb_files.action=db:zeek_smb_files.action;kind:termfield;friendly:Action;help:Action zeek_smb_files.path=db:zeek_smb_files.path;kind:termfield;friendly:File Path;help:File Path zeek_smb_files.name=db:zeek_smb_files.name;kind:termfield;friendly:File Name;help:File Name zeek_smb_files.size=db:zeek_smb_files.size;kind:integer;friendly:File Size;help:File Size zeek_smb_files.prev_name=db:zeek_smb_files.prev_name;kind:termfield;friendly:Previous File Name;help:Previous File Name zeek_smb_files.times_modified=db:zeek_smb_files.times_modified;kind:termfield;friendly:Write Time;help:Write Time zeek_smb_files.times_accessed=db:zeek_smb_files.times_accessed;kind:termfield;friendly:Access Time;help:Access Time zeek_smb_files.times_created=db:zeek_smb_files.times_created;kind:termfield;friendly:Creation Time;help:Creation Time zeek_smb_files.times_changed=db:zeek_smb_files.times_changed;kind:termfield;friendly:Modified Time;help:Modified Time zeek_smb_files.data_offset_req=db:zeek_smb_files.data_offset_req;kind:integer;friendly:Data 
Offset Requested;help:Data Offset Requested zeek_smb_files.data_len_req=db:zeek_smb_files.data_len_req;kind:integer;friendly:Data Length Requested;help:Data Length Requested zeek_smb_files.data_len_rsp=db:zeek_smb_files.data_len_rsp;kind:integer;friendly:Data Length In Response;help:Data Length In Response # smb_mapping.log # https://docs.zeek.org/en/stable/scripts/base/protocols/smb/main.zeek.html#type-SMB::TreeInfo zeek_smb_mapping.path=db:zeek_smb_mapping.path;kind:termfield;friendly:Tree Path;help:Tree Path zeek_smb_mapping.resource_type=db:zeek_smb_mapping.resource_type;kind:termfield;friendly:Resource Type;help:Resource Type zeek_smb_mapping.native_file_system=db:zeek_smb_mapping.native_file_system;kind:termfield;friendly:File System;help:File System zeek_smb_mapping.share_type=db:zeek_smb_mapping.share_type;kind:termfield;friendly:Share Type;help:Share Type # smtp.log # https://docs.zeek.org/en/stable/scripts/base/protocols/smtp/main.zeek.html#type-SMTP::Info zeek_smtp.trans_depth=db:zeek_smtp.trans_depth;kind:integer;friendly:Transaction Depth;help:Transaction Depth zeek_smtp.helo=db:zeek_smtp.helo;kind:termfield;friendly:HELO;help:HELO zeek_smtp.mailfrom=db:zeek_smtp.mailfrom;kind:termfield;friendly:FROM Addresses;help:FROM Addresses zeek_smtp.rcptto=db:zeek_smtp.rcptto;kind:termfield;friendly:RCPT TO;help:RCPT TO zeek_smtp.date=db:zeek_smtp.date;kind:termfield;friendly:Date;help:Date zeek_smtp.from=db:zeek_smtp.from;kind:termfield;friendly:FROM;help:FROM zeek_smtp.to=db:zeek_smtp.to;kind:termfield;friendly:TO;help:TO zeek_smtp.cc=db:zeek_smtp.cc;kind:termfield;friendly:CC;help:CC zeek_smtp.reply_to=db:zeek_smtp.reply_to;kind:termfield;friendly:Reply-To;help:Reply-To zeek_smtp.msg_id=db:zeek_smtp.msg_id;kind:termfield;friendly:MsgId;help:MsgId zeek_smtp.in_reply_to=db:zeek_smtp.in_reply_to;kind:termfield;friendly:In-Reply-To;help:In-Reply-To zeek_smtp.subject=db:zeek_smtp.subject;kind:termfield;friendly:Subject;help:Subject 
zeek_smtp.x_originating_ip=db:zeek_smtp.x_originating_ip;kind:termfield;friendly:X-Originating-IP;help:X-Originating-IP zeek_smtp.first_received=db:zeek_smtp.first_received;kind:termfield;friendly:First Received;help:First Received zeek_smtp.second_received=db:zeek_smtp.second_received;kind:termfield;friendly:Second Received;help:Second Received zeek_smtp.last_reply=db:zeek_smtp.last_reply;kind:termfield;friendly:Last Reply;help:Last Reply zeek_smtp.last_reply_code=db:zeek_smtp.last_reply_code;kind:termfield;friendly:Last Reply Code;help:Last Reply Code zeek_smtp.last_reply_msg=db:zeek_smtp.last_reply_msg;kind:termfield;friendly:Last Reply Message;help:Last Reply Message zeek_smtp.path=db:zeek_smtp.path;kind:termfield;friendly:Tranmission Path;help:Tranmission Path zeek_smtp.user_agent=db:zeek_smtp.user_agent;kind:termfield;friendly:User Agent;help:User Agent zeek_smtp.tls=db:zeek_smtp.tls;kind:termfield;friendly:TLS;help:TLS zeek_smtp.is_webmail=db:zeek_smtp.is_webmail;kind:termfield;friendly:Is Webmail;help:Is Webmail # snmp.log # https://docs.zeek.org/en/stable/scripts/base/protocols/snmp/main.zeek.html#type-SNMP::Info zeek_snmp.duration=db:zeek_snmp.duration;kind:termfield;friendly:Duration;help:Duration zeek_snmp.version=db:zeek_snmp.version;kind:termfield;friendly:Version;help:Version zeek_snmp.community=db:zeek_snmp.community;kind:termfield;friendly:Community;help:Community zeek_snmp.get_requests=db:zeek_snmp.get_requests;kind:integer;friendly:Get Requests;help:Get Requests zeek_snmp.get_bulk_requests=db:zeek_snmp.get_bulk_requests;kind:integer;friendly:Get Bulk Requests;help:Get Bulk Requests zeek_snmp.get_responses=db:zeek_snmp.get_responses;kind:integer;friendly:Get Responses;help:Get Responses zeek_snmp.set_requests=db:zeek_snmp.set_requests;kind:integer;friendly:Set Requests;help:Set Requests zeek_snmp.display_string=db:zeek_snmp.display_string;kind:termfield;friendly:Display String;help:Display String 
zeek_snmp.up_since=db:zeek_snmp.up_since;kind:termfield;friendly:Up Since Timestamp;help:Up Since Timestamp # socks.log # https://docs.zeek.org/en/stable/scripts/base/protocols/socks/main.zeek.html#type-SOCKS::Info zeek_socks.version=db:zeek_socks.version;kind:integer;friendly:Version;help:Version zeek_socks.server_status=db:zeek_socks.server_status;kind:termfield;friendly:Server Status;help:Server Status zeek_socks.request_host=db:zeek_socks.request_host;kind:termfield;friendly:Client Address;help:Client Address zeek_socks.request_name=db:zeek_socks.request_name;kind:termfield;friendly:Client Name;help:Client Name zeek_socks.request_port=db:zeek_socks.request_port;kind:integer;friendly:Client Port;help:Client Port zeek_socks.bound_host=db:zeek_socks.bound_host;kind:termfield;friendly:Server Address;help:Server Address zeek_socks.bound_name=db:zeek_socks.bound_name;kind:termfield;friendly:Server Name;help:Server Name zeek_socks.bound_port=db:zeek_socks.bound_port;kind:integer;friendly:Server Port;help:Server Port # software.log # https://docs.zeek.org/en/stable/scripts/base/frameworks/software/main.zeek.html#type-Software::Info zeek_software.software_type=db:zeek_software.software_type;kind:termfield;friendly:Software Type;help:Software Type zeek_software.name=db:zeek_software.name;kind:termfield;friendly:Software Name;help:Software Name zeek_software.version_major=db:zeek_software.version_major;kind:integer;friendly:Major Version;help:Major Version zeek_software.version_minor=db:zeek_software.version_minor;kind:integer;friendly:Minor Version;help:Minor Version zeek_software.version_minor2=db:zeek_software.version_minor2;kind:integer;friendly:Minor Subversion;help:Minor Subversion zeek_software.version_minor3=db:zeek_software.version_minor3;kind:integer;friendly:Minor Patch;help:Minor Patch zeek_software.version_addl=db:zeek_software.version_addl;kind:termfield;friendly:Additional Version;help:Additional Version 
zeek_software.unparsed_version=db:zeek_software.unparsed_version;kind:termfield;friendly:Version;help:Version # ssh.log # https://docs.zeek.org/en/stable/scripts/base/protocols/ssh/main.zeek.html#type-SSH::Info zeek_ssh.version=db:zeek_ssh.version;kind:integer;friendly:Version;help:Version zeek_ssh.auth_success=db:zeek_ssh.auth_success;kind:termfield;friendly:Authentication Success;help:Authentication Success zeek_ssh.auth_attempts=db:zeek_ssh.auth_attempts;kind:integer;friendly:Authentication Attempts;help:Authentication Attempts zeek_ssh.direction=db:zeek_ssh.direction;kind:termfield;friendly:Connection Direction;help:Connection Direction zeek_ssh.client=db:zeek_ssh.client;kind:termfield;friendly:Client Version;help:Client Version zeek_ssh.server=db:zeek_ssh.server;kind:termfield;friendly:Server Version;help:Server Version zeek_ssh.cipher_alg=db:zeek_ssh.cipher_alg;kind:termfield;friendly:Cipher;help:Cipher Algorithm zeek_ssh.mac_alg=db:zeek_ssh.mac_alg;kind:termfield;friendly:Signing Algorithm;help:Signing Algorithm zeek_ssh.compression_alg=db:zeek_ssh.compression_alg;kind:termfield;friendly:Compression Algorithm;help:Compression Algorithm zeek_ssh.kex_alg=db:zeek_ssh.kex_alg;kind:termfield;friendly:Key Exchange Algorithm;help:Key Exchange Algorithm zeek_ssh.host_key_alg=db:zeek_ssh.host_key_alg;kind:termfield;friendly:Server Host Key Algorithm;help:Server Host Key Algorithm zeek_ssh.host_key=db:zeek_ssh.host_key;kind:termfield;friendly:Server Key Fingerprint;help:Server Key Fingerprint zeek_ssh.remote_location_country_code=db:zeek_ssh.remote_location_country_code;kind:termfield;friendly:SSH Remote Country Code;help:SSH Remote Country Code zeek_ssh.remote_location_region=db:zeek_ssh.remote_location_region;kind:termfield;friendly:SSH Remote Region;help:SSH Remote Region zeek_ssh.remote_location_city=db:zeek_ssh.remote_location_city;kind:termfield;friendly:SSH Remote City;help:SSH Remote City 
zeek_ssh.remote_location_latitude=db:zeek_ssh.remote_location_latitude;kind:termfield;friendly:SSH Remote Latitude;help:SSH Remote Latitude zeek_ssh.remote_location_longitude=db:zeek_ssh.remote_location_longitude;kind:termfield;friendly:SSH Remote Longitude;help:SSH Remote Longitude zeek_ssh.hasshVersion=db:zeek_ssh.hasshVersion;kind:termfield;friendly:HASSH Version;help:HASSH Version zeek_ssh.hassh=db:zeek_ssh.hassh;kind:termfield;friendly:HASSH Client Fingerprint;help:HASSH Client Fingerprint zeek_ssh.hasshServer=db:zeek_ssh.hasshServer;kind:termfield;friendly:HASSH Server Fingerprint;help:HASSH Server Fingerprint zeek_ssh.hasshAlgorithms=db:zeek_ssh.hasshAlgorithms;kind:termfield;friendly:HASSH Client Algorithms;help:HASSH Client Algorithms zeek_ssh.hasshServerAlgorithms=db:zeek_ssh.hasshServerAlgorithms;kind:termfield;friendly:HASSH Server Algorithms;help:HASSH Server Algorithms zeek_ssh.cshka=db:zeek_ssh.cshka;kind:termfield;friendly:HASSH Client Host Key Algorithms;help:HASSH Client Host Key Algorithms zeek_ssh.sshka=db:zeek_ssh.sshka;kind:termfield;friendly:HASSH Server Host Key Algorithms;help:HASSH Server Host Key Algorithms # ssl.log # https://docs.zeek.org/en/stable/scripts/base/protocols/ssl/main.zeek.html#type-SSL::Info zeek_ssl.ssl_version=db:zeek_ssl.ssl_version;kind:termfield;friendly:Version;help:Version zeek_ssl.cipher=db:zeek_ssl.cipher;kind:termfield;friendly:Cipher;help:Cipher zeek_ssl.curve=db:zeek_ssl.curve;kind:termfield;friendly:Elliptic Curve;help:Elliptic Curve zeek_ssl.server_name=db:zeek_ssl.server_name;kind:termfield;friendly:Server Name;help:Server Name zeek_ssl.resumed=db:zeek_ssl.resumed;kind:termfield;friendly:Resumed;help:Resumed zeek_ssl.last_alert=db:zeek_ssl.last_alert;kind:termfield;friendly:Last Alert;help:Last Alert zeek_ssl.next_protocol=db:zeek_ssl.next_protocol;kind:termfield;friendly:Next Protocol;help:Next Protocol zeek_ssl.established=db:zeek_ssl.established;kind:termfield;friendly:Established;help:Established 
zeek_ssl.cert_chain_fuids=db:zeek_ssl.cert_chain_fuids;kind:termfield;friendly:Certificate Chain File ID;help:Certificate Chain File ID zeek_ssl.client_cert_chain_fuids=db:zeek_ssl.client_cert_chain_fuids;kind:termfield;friendly:Client Certificate File ID;help:Client Certificate File ID zeek_ssl.issuer_full=db:zeek_ssl.issuer_full;kind:termfield;friendly:Issuer;help:Issuer zeek_ssl.subject.C=db:zeek_ssl.subject.C;kind:termfield;friendly:Subject Country;help:Subject Country zeek_ssl.subject.CN=db:zeek_ssl.subject.CN;kind:termfield;friendly:Subject Common Name;help:Subject Common Name zeek_ssl.subject.description=db:zeek_ssl.subject.description;kind:termfield;friendly:Subject Description;help:Subject Description zeek_ssl.subject.emailAddress=db:zeek_ssl.subject.emailAddress;kind:termfield;friendly:Subject Email Address;help:Subject Email Address zeek_ssl.subject_full=db:zeek_ssl.subject_full;kind:termfield;friendly:Subject;help:Subject zeek_ssl.subject.GN=db:zeek_ssl.subject.GN;kind:termfield;friendly:Subject Given Name;help:Subject Given Name zeek_ssl.subject.initials=db:zeek_ssl.subject.initials;kind:termfield;friendly:Subject Initials;help:Subject Initials zeek_ssl.subject.L=db:zeek_ssl.subject.L;kind:termfield;friendly:Subject Locality;help:Subject Locality zeek_ssl.subject.O=db:zeek_ssl.subject.O;kind:termfield;friendly:Subject Organization;help:Subject Organization zeek_ssl.subject.OU=db:zeek_ssl.subject.OU;kind:termfield;friendly:Subject Organization Unit;help:Subject Organization Unit zeek_ssl.subject.postalCode=db:zeek_ssl.subject.postalCode;kind:termfield;friendly:Subject Postal Code;help:Subject Postal Code zeek_ssl.subject.pseudonym=db:zeek_ssl.subject.pseudonym;kind:termfield;friendly:Subject Pseudonym;help:Subject Pseudonym zeek_ssl.subject.serialNumber=db:zeek_ssl.subject.serialNumber;kind:termfield;friendly:Subject Serial Number;help:Subject Serial Number zeek_ssl.subject.SN=db:zeek_ssl.subject.SN;kind:termfield;friendly:Subject Surname;help:Subject 
Surname zeek_ssl.subject.ST=db:zeek_ssl.subject.ST;kind:termfield;friendly:Subject State;help:Subject State zeek_ssl.subject.street=db:zeek_ssl.subject.street;kind:termfield;friendly:Subject Street;help:Subject Street zeek_ssl.subject.title=db:zeek_ssl.subject.title;kind:termfield;friendly:Subject Title;help:Subject Title zeek_ssl.issuer.CN=db:zeek_ssl.issuer.CN;kind:termfield;friendly:Issuer Common Name;help:Issuer Common Name zeek_ssl.issuer.C=db:zeek_ssl.issuer.C;kind:termfield;friendly:Issuer Country;help:Issuer Country zeek_ssl.issuer.O=db:zeek_ssl.issuer.O;kind:termfield;friendly:Issuer Organization;help:Issuer Organization zeek_ssl.issuer.OU=db:zeek_ssl.issuer.OU;kind:termfield;friendly:Issuer Organization Unit;help:Issuer Organization Unit zeek_ssl.issuer.ST=db:zeek_ssl.issuer.ST;kind:termfield;friendly:Issuer State;help:Issuer State zeek_ssl.issuer.SN=db:zeek_ssl.issuer.SN;kind:termfield;friendly:Issuer Surname;help:Issuer Surname zeek_ssl.issuer.L=db:zeek_ssl.issuer.L;kind:termfield;friendly:Issuer Locality;help:Issuer Locality zeek_ssl.issuer.DC=db:zeek_ssl.issuer.DC;kind:termfield;friendly:Issuer Distinguished Name;help:Issuer Distinguished Name zeek_ssl.issuer.GN=db:zeek_ssl.issuer.GN;kind:termfield;friendly:Issuer Given Name;help:Issuer Given Name zeek_ssl.issuer.pseudonym=db:zeek_ssl.issuer.pseudonym;kind:termfield;friendly:Issuer Pseudonym;help:Issuer Pseudonym zeek_ssl.issuer.serialNumber=db:zeek_ssl.issuer.serialNumber;kind:termfield;friendly:Issuer Serial Number;help:Issuer Serial Number zeek_ssl.issuer.title=db:zeek_ssl.issuer.title;kind:termfield;friendly:Issuer Title;help:Issuer Title zeek_ssl.issuer.initials=db:zeek_ssl.issuer.initials;kind:termfield;friendly:Issuer Initials;help:Issuer Initials zeek_ssl.issuer.emailAddress=db:zeek_ssl.issuer.emailAddress;kind:termfield;friendly:Issuer Email Address;help:Issuer Email Address zeek_ssl.client_subject_full=db:zeek_ssl.client_subject_full;kind:termfield;friendly:Client Subject;help:Client Subject 
zeek_ssl.client_subject.CN=db:zeek_ssl.client_subject.CN;kind:termfield;friendly:Client Subject Common Name;help:Client Subject Common Name zeek_ssl.client_subject.C=db:zeek_ssl.client_subject.C;kind:termfield;friendly:Client Subject Country;help:Client Subject Country zeek_ssl.client_subject.O=db:zeek_ssl.client_subject.O;kind:termfield;friendly:Client Subject Organization;help:Client Subject Organization zeek_ssl.client_subject.OU=db:zeek_ssl.client_subject.OU;kind:termfield;friendly:Client Subject Organization Unit;help:Client Subject Organization Unit zeek_ssl.client_subject.ST=db:zeek_ssl.client_subject.ST;kind:termfield;friendly:Client Subject State;help:Client Subject State zeek_ssl.client_subject.SN=db:zeek_ssl.client_subject.SN;kind:termfield;friendly:Client Subject Surname;help:Client Subject Surname zeek_ssl.client_subject.L=db:zeek_ssl.client_subject.L;kind:termfield;friendly:Client Subject Locality;help:Client Subject Locality zeek_ssl.client_subject.GN=db:zeek_ssl.client_subject.GN;kind:termfield;friendly:Client Subject Given Name;help:Client Subject Given Name zeek_ssl.client_subject.pseudonym=db:zeek_ssl.client_subject.pseudonym;kind:termfield;friendly:Client Subject Pseudonym;help:Client Subject Pseudonym zeek_ssl.client_subject.serialNumber=db:zeek_ssl.client_subject.serialNumber;kind:termfield;friendly:Client Subject Serial Number;help:Client Subject Serial Number zeek_ssl.client_subject.title=db:zeek_ssl.client_subject.title;kind:termfield;friendly:Client Subject Title;help:Client Subject Title zeek_ssl.client_subject.initials=db:zeek_ssl.client_subject.initials;kind:termfield;friendly:Client Subject Initials;help:Client Subject Initials zeek_ssl.client_subject.emailAddress=db:zeek_ssl.client_subject.emailAddress;kind:termfield;friendly:Client Subject Email Address;help:Client Subject Email Address zeek_ssl.client_issuer_full=db:zeek_ssl.client_issuer_full;kind:termfield;friendly:Client Issuer;help:Client Issuer 
zeek_ssl.client_issuer.CN=db:zeek_ssl.client_issuer.CN;kind:termfield;friendly:Client Issuer Common Name;help:Client Issuer Common Name zeek_ssl.client_issuer.C=db:zeek_ssl.client_issuer.C;kind:termfield;friendly:Client Issuer Country;help:Client Issuer Country zeek_ssl.client_issuer.O=db:zeek_ssl.client_issuer.O;kind:termfield;friendly:Client Issuer Organization;help:Client Issuer Organization zeek_ssl.client_issuer.OU=db:zeek_ssl.client_issuer.OU;kind:termfield;friendly:Client Issuer Organization Unit;help:Client Issuer Organization Unit zeek_ssl.client_issuer.ST=db:zeek_ssl.client_issuer.ST;kind:termfield;friendly:Client Issuer State;help:Client Issuer State zeek_ssl.client_issuer.SN=db:zeek_ssl.client_issuer.SN;kind:termfield;friendly:Client Issuer Surname;help:Client Issuer Surname zeek_ssl.client_issuer.L=db:zeek_ssl.client_issuer.L;kind:termfield;friendly:Client Issuer Locality;help:Client Issuer Locality zeek_ssl.client_issuer.DC=db:zeek_ssl.client_issuer.DC;kind:termfield;friendly:Client Issuer Distinguished Name;help:Client Issuer Distinguished Name zeek_ssl.client_issuer.GN=db:zeek_ssl.client_issuer.GN;kind:termfield;friendly:Client Issuer Given Name;help:Client Issuer Given Name zeek_ssl.client_issuer.pseudonym=db:zeek_ssl.client_issuer.pseudonym;kind:termfield;friendly:Client Issuer Pseudonym;help:Client Issuer Pseudonym zeek_ssl.client_issuer.serialNumber=db:zeek_ssl.client_issuer.serialNumber;kind:termfield;friendly:Client Issuer Serial Number;help:Client Issuer Serial Number zeek_ssl.client_issuer.title=db:zeek_ssl.client_issuer.title;kind:termfield;friendly:Client Issuer Title;help:Client Issuer Title zeek_ssl.client_issuer.initials=db:zeek_ssl.client_issuer.initials;kind:termfield;friendly:Client Issuer Initials;help:Client Issuer Initials zeek_ssl.client_issuer.emailAddress=db:zeek_ssl.client_issuer.emailAddress;kind:termfield;friendly:Client Issuer Email Address;help:Client Issuer Email Address 
zeek_ssl.validation_status=db:zeek_ssl.validation_status;kind:termfield;friendly:Validation Status;help:Validation Status zeek_ssl.ja3=db:zeek_ssl.ja3;kind:termfield;friendly:JA3 Fingerprint;help:JA3 Fingerprint zeek_ssl.ja3s=db:zeek_ssl.ja3s;kind:termfield;friendly:JA3S Fingerprint;help:JA3S Fingerprint zeek_ssl.ja3_desc=db:zeek_ssl.ja3_desc;kind:termfield;friendly:JA3 Fingerprint Lookup;help:JA3 Fingerprint Lookup zeek_ssl.ja3s_desc=db:zeek_ssl.ja3s_desc;kind:termfield;friendly:JA3S Fingerprint Lookup;help:JA3S Fingerprint Lookup # syslog.log # https://docs.zeek.org/en/stable/scripts/base/protocols/syslog/main.zeek.html#type-Syslog::Info zeek_syslog.facility=db:zeek_syslog.facility;kind:termfield;friendly:Facility;help:Facility zeek_syslog.severity=db:zeek_syslog.severity;kind:termfield;friendly:Severity;help:Severity zeek_syslog.message=db:zeek_syslog.message;kind:termfield;friendly:Message;help:Message # tds.log - https://github.com/amzn/zeek-plugin-tds # https://github.com/amzn/zeek-plugin-tds/blob/master/scripts/main.zeek zeek_tds.command=db:zeek_tds.command;kind:termfield;friendly:Command;help:Command # tds_rpc.log - https://github.com/amzn/zeek-plugin-tds # https://github.com/amzn/zeek-plugin-tds/blob/master/scripts/main.zeek zeek_tds_rpc.procedure_name=db:zeek_tds_rpc.procedure_name;kind:termfield;friendly:Procedure;help:Procedure zeek_tds_rpc.parameters=db:zeek_tds_rpc.parameters;kind:termfield;friendly:Parameters;help:Parameters # tds_sql_batch.log - https://github.com/amzn/zeek-plugin-tds # https://github.com/amzn/zeek-plugin-tds/blob/master/scripts/main.zeek zeek_tds_sql_batch.header_type=db:zeek_tds_sql_batch.header_type;kind:termfield;friendly:Header Type;help:Header Type zeek_tds_sql_batch.query=db:zeek_tds_sql_batch.query;kind:termfield;friendly:Query;help:Query # tftp.log # https://github.com/zeek/spicy-tftp zeek_tftp.block_acked=db:zeek_tftp.block_acked;kind:integer;friendly:Highest Block ACKed;help:Highest Block ACKed 
zeek_tftp.block_sent=db:zeek_tftp.block_sent;kind:integer;friendly:Highest Block Sent;help:Highest Block Sent zeek_tftp.error_code=db:zeek_tftp.error_code;kind:integer;friendly:Error Code;help:Error Code zeek_tftp.error_msg=db:zeek_tftp.error_msg;kind:integer;friendly:Error Message;help:Error Message zeek_tftp.fname=db:zeek_tftp.fname;kind:termfield;friendly:File Name;help:File Name zeek_tftp.mode=db:zeek_tftp.mode;kind:termfield;friendly:Transfer Mode;help:Transfer Mode zeek_tftp.size=db:zeek_tftp.size;kind:termfield;friendly:Transfer Size;help:Transfer Size zeek_tftp.uid_data=db:zeek_tftp.uid_data;kind:termfield;friendly:Data Connection ID;help:Data Connection ID zeek_tftp.wrq=db:zeek_tftp.wrq;kind:termfield;friendly:Write Request;help:Write Request # tunnel.log # https://docs.zeek.org/en/stable/scripts/base/frameworks/tunnels/main.zeek.html#type-Tunnel::Info zeek_tunnel.tunnel_type=db:zeek_tunnel.tunnel_type;kind:termfield;friendly:Tunnel Type;help:Tunnel Type zeek_tunnel.action=db:zeek_tunnel.action;kind:termfield;friendly:Action;help:Action # weird.log # https://docs.zeek.org/en/stable/scripts/base/frameworks/notice/weird.zeek.html#type-Weird::Info zeek_weird.name=db:zeek_weird.name;kind:termfield;friendly:Name;help:Name zeek_weird.addl=db:zeek_weird.addl;kind:termfield;friendly:Additional Info;help:Additional Info zeek_weird.notice=db:zeek_weird.notice;kind:termfield;friendly:Notice;help:Generated a notice zeek_weird.peer=db:zeek_weird.peer;kind:termfield;friendly:Remote Peer;help:Remote Peer # wireguard.log # https://github.com/zeek/spicy-analyzers/tree/main/analyzer/protocol/wireguard zeek_wireguard.established=db:zeek_wireguard.established;kind:termfield;friendly:Established;help:Established zeek_wireguard.initiations=db:zeek_wireguard.initiations;kind:integer;friendly:Initiation Packets;help:Initiation Packets zeek_wireguard.responses=db:zeek_wireguard.responses;kind:integer;friendly:Response Packets;help:Response Packets # x509.log # 
https://docs.zeek.org/en/stable/scripts/base/files/x509/main.zeek.html#type-X509::Info zeek_x509.certificate_version=db:zeek_x509.certificate_version;kind:integer;friendly:Version;help:Version zeek_x509.certificate_serial=db:zeek_x509.certificate_serial;kind:termfield;friendly:Serial Number;help:Serial Number zeek_x509.certificate_subject_full=db:zeek_x509.certificate_subject_full;kind:termfield;friendly:Subject;help:Subject zeek_x509.certificate_subject.CN=db:zeek_x509.certificate_subject.CN;kind:termfield;friendly:Subject Common Name;help:Subject Common Name zeek_x509.certificate_subject.C=db:zeek_x509.certificate_subject.C;kind:termfield;friendly:Subject Country;help:Subject Country zeek_x509.certificate_subject.description=db:zeek_x509.certificate_subject.description;kind:termfield;friendly:Subject Description;help:Subject Description zeek_x509.certificate_subject.postalCode=db:zeek_x509.certificate_subject.postalCode;kind:termfield;friendly:Subject Postal Code;help:Subject Postal Code zeek_x509.certificate_subject.street=db:zeek_x509.certificate_subject.street;kind:termfield;friendly:Subject Street;help:Subject Street zeek_x509.certificate_subject.O=db:zeek_x509.certificate_subject.O;kind:termfield;friendly:Subject Organization;help:Subject Organization zeek_x509.certificate_subject.OU=db:zeek_x509.certificate_subject.OU;kind:termfield;friendly:Subject Organization Unit;help:Subject Organization Unit zeek_x509.certificate_subject.ST=db:zeek_x509.certificate_subject.ST;kind:termfield;friendly:Subject State;help:Subject State zeek_x509.certificate_subject.SN=db:zeek_x509.certificate_subject.SN;kind:termfield;friendly:Subject Surname;help:Subject Surname zeek_x509.certificate_subject.L=db:zeek_x509.certificate_subject.L;kind:termfield;friendly:Subject Locality;help:Subject Locality zeek_x509.certificate_subject.DC=db:zeek_x509.certificate_subject.DC;kind:termfield;friendly:Subject Distinguished Name;help:Subject Distinguished Name 
zeek_x509.certificate_subject.GN=db:zeek_x509.certificate_subject.GN;kind:termfield;friendly:Subject Given Name;help:Subject Given Name zeek_x509.certificate_subject.pseudonym=db:zeek_x509.certificate_subject.pseudonym;kind:termfield;friendly:Subject Pseudonym;help:Subject Pseudonym zeek_x509.certificate_subject.serialNumber=db:zeek_x509.certificate_subject.serialNumber;kind:termfield;friendly:Subject Serial Number;help:Subject Serial Number zeek_x509.certificate_subject.title=db:zeek_x509.certificate_subject.title;kind:termfield;friendly:Subject Title;help:Subject Title zeek_x509.certificate_subject.initials=db:zeek_x509.certificate_subject.initials;kind:termfield;friendly:Subject Initials;help:Subject Initials zeek_x509.certificate_subject.emailAddress=db:zeek_x509.certificate_subject.emailAddress;kind:termfield;friendly:Subject Email Address;help:Subject Email Address zeek_x509.certificate_issuer_full=db:zeek_x509.certificate_issuer_full;kind:termfield;friendly:Issuer;help:Issuer zeek_x509.certificate_issuer.CN=db:zeek_x509.certificate_issuer.CN;kind:termfield;friendly:Issuer Common Name;help:Issuer Common Name zeek_x509.certificate_issuer.DC=db:zeek_x509.certificate_issuer.DC;kind:termfield;friendly:Issuer Common Name;help:Issuer Distinguished Name zeek_x509.certificate_issuer.C=db:zeek_x509.certificate_issuer.C;kind:termfield;friendly:Issuer Country;help:Issuer Country zeek_x509.certificate_issuer.O=db:zeek_x509.certificate_issuer.O;kind:termfield;friendly:Issuer Organization;help:Issuer Organization zeek_x509.certificate_issuer.OU=db:zeek_x509.certificate_issuer.OU;kind:termfield;friendly:Issuer Organization Unit;help:Issuer Organization Unit zeek_x509.certificate_issuer.ST=db:zeek_x509.certificate_issuer.ST;kind:termfield;friendly:Issuer State;help:Issuer State zeek_x509.certificate_issuer.SN=db:zeek_x509.certificate_issuer.SN;kind:termfield;friendly:Issuer Surname;help:Issuer Surname 
zeek_x509.certificate_issuer.L=db:zeek_x509.certificate_issuer.L;kind:termfield;friendly:Issuer Locality;help:Issuer Locality zeek_x509.certificate_issuer.GN=db:zeek_x509.certificate_issuer.GN;kind:termfield;friendly:Issuer Given Name;help:Issuer Given Name zeek_x509.certificate_issuer.pseudonym=db:zeek_x509.certificate_issuer.pseudonym;kind:termfield;friendly:Issuer Pseudonym;help:Issuer Pseudonym zeek_x509.certificate_issuer.serialNumber=db:zeek_x509.certificate_issuer.serialNumber;kind:termfield;friendly:Issuer Serial Number;help:Issuer Serial Number zeek_x509.certificate_issuer.title=db:zeek_x509.certificate_issuer.title;kind:termfield;friendly:Issuer Title;help:Issuer Title zeek_x509.certificate_issuer.initials=db:zeek_x509.certificate_issuer.initials;kind:termfield;friendly:Issuer Initials;help:Issuer Initials zeek_x509.certificate_issuer.emailAddress=db:zeek_x509.certificate_issuer.emailAddress;kind:termfield;friendly:Issuer Email Address;help:Issuer Email Address zeek_x509.certificate_not_valid_before=db:zeek_x509.certificate_not_valid_before;kind:termfield;friendly:Not Valid Before;help:Not Valid Before zeek_x509.certificate_not_valid_after=db:zeek_x509.certificate_not_valid_after;kind:termfield;friendly:Not Valid After;help:Not Valid After zeek_x509.certificate_key_alg=db:zeek_x509.certificate_key_alg;kind:termfield;friendly:Key Algorithm;help:Key Algorithm zeek_x509.certificate_sig_alg=db:zeek_x509.certificate_sig_alg;kind:termfield;friendly:Signature Algorithm;help:Signature Algorithm zeek_x509.certificate_key_type=db:zeek_x509.certificate_key_type;kind:termfield;friendly:Key Type;help:Key Type zeek_x509.certificate_key_length=db:zeek_x509.certificate_key_length;kind:integer;friendly:Key Bitlength;help:Key Bitlength zeek_x509.certificate_exponent=db:zeek_x509.certificate_exponent;kind:termfield;friendly:RSA Exponent;help:RSA Exponent zeek_x509.certificate_curve=db:zeek_x509.certificate_curve;kind:termfield;friendly:Elliptic Curve;help:Elliptic Curve 
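# Subject Alternative Name entries and basicConstraints from x509.log.  san_* fields are
# what actually binds a leaf certificate to a host/identity (browsers ignore the CN), and
# basic_constraints_ca=true on a leaf presented by a server is worth hunting for.
zeek_x509.san_dns=db:zeek_x509.san_dns;kind:termfield;friendly:SAN DNS;help:Subject Alternative Name DNS
zeek_x509.san_uri=db:zeek_x509.san_uri;kind:termfield;friendly:SAN URI;help:Subject Alternative Name URI
zeek_x509.san_email=db:zeek_x509.san_email;kind:termfield;friendly:SAN Email;help:Subject Alternative Name Email
zeek_x509.san_ip=db:zeek_x509.san_ip;kind:termfield;friendly:SAN IP;help:Subject Alternative Name IP
zeek_x509.basic_constraints_ca=db:zeek_x509.basic_constraints_ca;kind:termfield;friendly:CA Flag;help:CA Flag
zeek_x509.basic_constraints_path_len=db:zeek_x509.basic_constraints_path_len;kind:integer;friendly:Maximum Path Length;help:Maximum Path Length

# Per-log session-detail views.  Each entry has the form
#   <view>=require:<field>;title:<text>;fields:<comma-separated field list>
# "require" names the session field that must be present for the view to be offered, and
# "fields" lists the columns shown, in order (see the Arkime custom-views documentation).
# Titles follow the convention "Zeek <logname>.log".
[custom-views]
zeek_bacnet=require:zeek_bacnet;title:Zeek bacnet.log;fields:zeek_bacnet.bvlc_function,zeek_bacnet.pdu_type,zeek_bacnet.pdu_service,zeek_bacnet.invoke_id,zeek_bacnet.result_code
zeek_bacnet_discovery=require:zeek_bacnet_discovery;title:Zeek bacnet_discovery.log;fields:zeek_bacnet_discovery.pdu_service,zeek_bacnet_discovery.object_type,zeek_bacnet_discovery.instance_number,zeek_bacnet_discovery.vendor,zeek_bacnet_discovery.range,zeek_bacnet_discovery.range_low,zeek_bacnet_discovery.range_high,zeek_bacnet_discovery.object_name
zeek_bacnet_property=require:zeek_bacnet_property;title:Zeek bacnet_property.log;fields:zeek_bacnet_property.pdu_service,zeek_bacnet_property.object_type,zeek_bacnet_property.instance_number,zeek_bacnet_property.property,zeek_bacnet_property.array_index,zeek_bacnet_property.value
zeek_bestguess=require:zeek_bestguess;title:Zeek bestguess.log;fields:zeek_bestguess.name,zeek_bestguess.category
zeek_bsap_ip_header=require:zeek_bsap_ip_header;title:Zeek bsap_ip_header.log;fields:zeek_bsap_ip_header.num_msg,zeek_bsap_ip_header.type_name
zeek_bsap_ip_rdb=require:zeek_bsap_ip_rdb;title:Zeek bsap_ip_rdb.log;fields:zeek_bsap_ip_rdb.app_func_code,zeek_bsap_ip_rdb.data,zeek_bsap_ip_rdb.data_len,zeek_bsap_ip_rdb.func_code,zeek_bsap_ip_rdb.header_size,zeek_bsap_ip_rdb.mes_seq,zeek_bsap_ip_rdb.node_status,zeek_bsap_ip_rdb.res_seq,zeek_bsap_ip_rdb.sequence
zeek_bsap_ip_unknown=require:zeek_bsap_ip_unknown;title:Zeek bsap_ip_unknown.log;fields:zeek_bsap_ip_unknown.data
zeek_bsap_serial_header=require:zeek_bsap_serial_header;title:Zeek bsap_serial_header.log;fields:zeek_bsap_serial_header.ctl,zeek_bsap_serial_header.dadd,zeek_bsap_serial_header.dfun,zeek_bsap_serial_header.nsb,zeek_bsap_serial_header.sadd,zeek_bsap_serial_header.seq,zeek_bsap_serial_header.ser,zeek_bsap_serial_header.sfun,zeek_bsap_serial_header.type_name
zeek_bsap_serial_rdb=require:zeek_bsap_serial_rdb;title:Zeek bsap_serial_rdb.log;fields:zeek_bsap_serial_rdb.data,zeek_bsap_serial_rdb.func_code
zeek_bsap_serial_rdb_ext=require:zeek_bsap_serial_rdb_ext;title:Zeek bsap_serial_rdb_ext.log;fields:zeek_bsap_serial_rdb_ext.data,zeek_bsap_serial_rdb_ext.dfun,zeek_bsap_serial_rdb_ext.extfun,zeek_bsap_serial_rdb_ext.nsb,zeek_bsap_serial_rdb_ext.seq,zeek_bsap_serial_rdb_ext.sfun
zeek_bsap_serial_unknown=require:zeek_bsap_serial_unknown;title:Zeek bsap_serial_unknown.log;fields:zeek_bsap_serial_unknown.data
zeek_cip=require:zeek_cip;title:Zeek cip.log;fields:zeek_cip.cip_sequence_count,zeek_cip.direction,zeek_cip.cip_service,zeek_cip.cip_status,zeek_cip.class_id,zeek_cip.class_name,zeek_cip.instance_id,zeek_cip.attribute_id,zeek_cip.data_id,zeek_cip.other_id
zeek_cip_identity=require:zeek_cip_identity;title:Zeek cip_identity.log;fields:zeek_cip_identity.encapsulation_version,zeek_cip_identity.socket_address,zeek_cip_identity.socket_address_geo.city_name,zeek_cip_identity.socket_address_geo.country_name,zeek_cip_identity.socket_address_asn,zeek_cip_identity.socket_port,zeek_cip_identity.vendor_id,zeek_cip_identity.vendor_name,zeek_cip_identity.device_type_id,zeek_cip_identity.device_type_name,zeek_cip_identity.product_code,zeek_cip_identity.revision,zeek_cip_identity.device_status,zeek_cip_identity.serial_number,zeek_cip_identity.product_name,zeek_cip_identity.device_state
zeek_cip_io=require:zeek_cip_io;title:Zeek cip_io.log;fields:zeek_cip_io.connection_id,zeek_cip_io.sequence_number,zeek_cip_io.data_length,zeek_cip_io.io_data
zeek_conn=require:zeek_conn;title:Zeek conn.log;fields:zeek_conn.duration,zeek_conn.orig_bytes,zeek_conn.resp_bytes,zeek_conn.conn_state,zeek_conn.conn_state_description,zeek_conn.local_orig,zeek_conn.local_resp,zeek_conn.missed_bytes,zeek_conn.history,zeek_conn.orig_pkts,zeek_conn.orig_ip_bytes,zeek_conn.resp_pkts,zeek_conn.resp_ip_bytes,zeek_conn.tunnel_parents,zeek_conn.vlan,zeek_conn.inner_vlan
zeek_dce_rpc=require:zeek_dce_rpc;title:Zeek dce_rpc.log;fields:zeek_dce_rpc.rtt,zeek_dce_rpc.named_pipe,zeek_dce_rpc.endpoint,zeek_dce_rpc.operation
zeek_dhcp=require:zeek_dhcp;title:Zeek dhcp.log;fields:zeek_dhcp.mac,zeek_dhcp.assigned_ip,zeek_dhcp.lease_time,zeek_dhcp.trans_id,zeek_dhcp.client_fqdn,zeek_dhcp.client_message,zeek_dhcp.domain,zeek_dhcp.duration,zeek_dhcp.host_name,zeek_dhcp.msg_types,zeek_dhcp.requested_ip,zeek_dhcp.server_message,zeek_dhcp.client_software,zeek_dhcp.server_software
zeek_dnp3=require:zeek_dnp3;title:Zeek dnp3.log;fields:zeek_dnp3.fc_request,zeek_dnp3.fc_reply,zeek_dnp3.iin,zeek_dnp3.iin_flags
zeek_dnp3_control=require:zeek_dnp3_control;title:Zeek dnp3_control.log;fields:zeek_dnp3_control.block_type,zeek_dnp3_control.function_code,zeek_dnp3_control.index_number,zeek_dnp3_control.trip_control_code,zeek_dnp3_control.operation_type,zeek_dnp3_control.execute_count,zeek_dnp3_control.on_time,zeek_dnp3_control.off_time,zeek_dnp3_control.status_code
zeek_dnp3_objects=require:zeek_dnp3_objects;title:Zeek dnp3_objects.log;fields:zeek_dnp3_objects.function_code,zeek_dnp3_objects.object_type,zeek_dnp3_objects.object_count,zeek_dnp3_objects.range_low,zeek_dnp3_objects.range_high
zeek_dns=require:zeek_dns;title:Zeek dns.log;fields:zeek_dns.trans_id,zeek_dns.rtt,zeek_dns.query,zeek_dns.qclass,zeek_dns.qclass_name,zeek_dns.qtype,zeek_dns.qtype_name,zeek_dns.rcode,zeek_dns.rcode_name,zeek_dns.AA,zeek_dns.TC,zeek_dns.RD,zeek_dns.RA,zeek_dns.Z,zeek_dns.answers,zeek_dns.TTLs,zeek_dns.rejected
zeek_dpd=require:zeek_dpd;title:Zeek dpd.log;fields:zeek_dpd.service,zeek_dpd.failure_reason
zeek_ecat_registers=require:zeek_ecat_registers;title:Zeek ecat_registers.log;fields:zeek_ecat_registers.command,zeek_ecat_registers.slave_addr,zeek_ecat_registers.register_type,zeek_ecat_registers.register_addr,zeek_ecat_registers.data
zeek_ecat_log_address=require:zeek_ecat_log_address;title:Zeek ecat_log_address.log;fields:zeek_ecat_log_address.log_addr,zeek_ecat_log_address.length,zeek_ecat_log_address.command,zeek_ecat_log_address.data
zeek_ecat_dev_info=require:zeek_ecat_dev_info;title:Zeek ecat_dev_info.log;fields:zeek_ecat_dev_info.slave_id,zeek_ecat_dev_info.revision,zeek_ecat_dev_info.dev_type,zeek_ecat_dev_info.build,zeek_ecat_dev_info.fmmucnt,zeek_ecat_dev_info.smcount,zeek_ecat_dev_info.ports,zeek_ecat_dev_info.dpram,zeek_ecat_dev_info.features
zeek_ecat_aoe_info=require:zeek_ecat_aoe_info;title:Zeek ecat_aoe_info.log;fields:zeek_ecat_aoe_info.resp_port,zeek_ecat_aoe_info.orig_port,zeek_ecat_aoe_info.command,zeek_ecat_aoe_info.state,zeek_ecat_aoe_info.data
zeek_ecat_coe_info=require:zeek_ecat_coe_info;title:Zeek ecat_coe_info.log;fields:zeek_ecat_coe_info.number,zeek_ecat_coe_info.type,zeek_ecat_coe_info.req_resp,zeek_ecat_coe_info.index,zeek_ecat_coe_info.subindex,zeek_ecat_coe_info.dataoffset
zeek_ecat_foe_info=require:zeek_ecat_foe_info;title:Zeek ecat_foe_info.log;fields:zeek_ecat_foe_info.opcode,zeek_ecat_foe_info.reserved,zeek_ecat_foe_info.packet_num,zeek_ecat_foe_info.error_code,zeek_ecat_foe_info.filename,zeek_ecat_foe_info.data
zeek_ecat_soe_info=require:zeek_ecat_soe_info;title:Zeek ecat_soe_info.log;fields:zeek_ecat_soe_info.opcode,zeek_ecat_soe_info.incomplete,zeek_ecat_soe_info.error,zeek_ecat_soe_info.drive_num,zeek_ecat_soe_info.element,zeek_ecat_soe_info.index
zeek_ecat_arp_info=require:zeek_ecat_arp_info;title:Zeek ecat_arp_info.log;fields:zeek_ecat_arp_info.arp_type,zeek_ecat_arp_info.orig_proto_addr,zeek_ecat_arp_info.orig_hw_addr,zeek_ecat_arp_info.resp_proto_addr,zeek_ecat_arp_info.resp_hw_addr
zeek_enip=require:zeek_enip;title:Zeek enip.log;fields:zeek_enip.enip_command,zeek_enip.length,zeek_enip.session_handle,zeek_enip.enip_status,zeek_enip.sender_context,zeek_enip.options
zeek_files=require:zeek_files;title:Zeek files.log;fields:zeek_files.tx_hosts,zeek_files.rx_hosts,zeek_files.conn_uids,zeek_files.source,zeek_files.depth,zeek_files.analyzers,zeek_files.mime_type,zeek_files.filename,zeek_files.duration,zeek_files.local_orig,zeek_files.is_orig,zeek_files.seen_bytes,zeek_files.total_bytes,zeek_files.missing_bytes,zeek_files.overflow_bytes,zeek_files.timedout,zeek_files.parent_fuid,zeek_files.md5,zeek_files.sha1,zeek_files.sha256,zeek_files.extracted,zeek_files.extracted_cutoff,zeek_files.extracted_size
zeek_ftp=require:zeek_ftp;title:Zeek ftp.log;fields:zeek_ftp.command,zeek_ftp.arg,zeek_ftp.mime_type,zeek_ftp.file_size,zeek_ftp.reply_code,zeek_ftp.reply_msg,zeek_ftp.data_channel_passive,zeek_ftp.data_channel_orig_h,zeek_ftp.data_channel_resp_h,zeek_ftp.data_channel_resp_p
zeek_gquic=require:zeek_gquic;title:Zeek gquic.log;fields:zeek_gquic.version,zeek_gquic.server_name,zeek_gquic.user_agent,zeek_gquic.tag_count,zeek_gquic.cyu,zeek_gquic.cyutags
# NOTE(review): post_username and post_password_plain surface credentials captured in
# clear-text HTTP POST bodies to every user who can open this view.  If the viewer
# audience is broader than the people allowed to see captured passwords, drop those two
# fields from this list (they remain searchable) or restrict the accounts that can reach
# the session-detail UI.
zeek_http=require:zeek_http;title:Zeek http.log;fields:zeek_http.trans_depth,zeek_http.method,zeek_http.host,zeek_http.uri,zeek_http.origin,zeek_http.post_password_plain,zeek_http.post_username,zeek_http.referrer,zeek_http.version,zeek_http.user_agent,zeek_http.request_body_len,zeek_http.response_body_len,zeek_http.status_code,zeek_http.status_msg,zeek_http.info_code,zeek_http.info_msg,zeek_http.tags,zeek_http.proxied,zeek_http.orig_fuids,zeek_http.orig_filenames,zeek_http.orig_mime_types,zeek_http.resp_fuids,zeek_http.resp_filenames,zeek_http.resp_mime_types
zeek_intel=require:zeek_intel;title:Zeek intel.log;fields:zeek_intel.indicator,zeek_intel.indicator_type,zeek_intel.seen_where,zeek_intel.seen_node,zeek_intel.matched,zeek_intel.sources,zeek_intel.file_mime_type,zeek_intel.file_description
zeek_ipsec=require:zeek_ipsec;title:Zeek ipsec.log;fields:zeek_ipsec.is_orig,zeek_ipsec.initiator_spi,zeek_ipsec.responder_spi,zeek_ipsec.maj_ver,zeek_ipsec.min_ver,zeek_ipsec.exchange_type,zeek_ipsec.flag_e,zeek_ipsec.flag_c,zeek_ipsec.flag_a,zeek_ipsec.flag_i,zeek_ipsec.flag_v,zeek_ipsec.flag_r,zeek_ipsec.flags,zeek_ipsec.message_id,zeek_ipsec.vendor_ids,zeek_ipsec.notify_messages,zeek_ipsec.transforms,zeek_ipsec.ke_dh_groups,zeek_ipsec.proposals,zeek_ipsec.certificates,zeek_ipsec.transform_attributes,zeek_ipsec.length,zeek_ipsec.hash
zeek_irc=require:zeek_irc;title:Zeek irc.log;fields:zeek_irc.nick,zeek_irc.command,zeek_irc.value,zeek_irc.addl,zeek_irc.dcc_file_name,zeek_irc.dcc_file_size,zeek_irc.dcc_mime_type
zeek_iso_cotp=require:zeek_iso_cotp;title:Zeek iso_cotp.log;fields:zeek_iso_cotp.pdu_type
zeek_kerberos=require:zeek_kerberos;title:Zeek kerberos.log;fields:zeek_kerberos.cname,zeek_kerberos.sname,zeek_kerberos.success,zeek_kerberos.error_msg,zeek_kerberos.from,zeek_kerberos.till,zeek_kerberos.cipher,zeek_kerberos.forwardable,zeek_kerberos.renewable,zeek_kerberos.request_type,zeek_kerberos.client_cert_subject,zeek_kerberos.client_cert_fuid,zeek_kerberos.server_cert_subject,zeek_kerberos.server_cert_fuid
zeek_known_certs=require:zeek_known_certs;title:Zeek known_certs.log;fields:zeek_known_certs.subject,zeek_known_certs.issuer_subject,zeek_known_certs.serial
# Title was "Zeek zeek_known_modbus.log" (doubled prefix); every other view uses
# "Zeek <logname>.log".
zeek_known_modbus=require:zeek_known_modbus;title:Zeek known_modbus.log;fields:zeek_known_modbus.device_type
zeek_ldap=require:zeek_ldap;title:Zeek ldap.log;fields:zeek_ldap.message_id,zeek_ldap.version,zeek_ldap.operation,zeek_ldap.result_code,zeek_ldap.result_message,zeek_ldap.object,zeek_ldap.argument
zeek_ldap_search=require:zeek_ldap_search;title:Zeek ldap_search.log;fields:zeek_ldap_search.message_id,zeek_ldap_search.scope,zeek_ldap_search.deref,zeek_ldap_search.base_object,zeek_ldap_search.result_count,zeek_ldap_search.result_code,zeek_ldap_search.result_message
zeek_login=require:zeek_login;title:Zeek login.log;fields:zeek_login.client_user,zeek_login.confused,zeek_login.success
zeek_modbus=require:zeek_modbus;title:Zeek modbus.log;fields:zeek_modbus.func,zeek_modbus.exception
zeek_modbus_detailed=require:zeek_modbus_detailed;title:Zeek modbus_detailed.log;fields:zeek_modbus_detailed.unit_id,zeek_modbus_detailed.func,zeek_modbus_detailed.network_direction,zeek_modbus_detailed.address,zeek_modbus_detailed.quantity,zeek_modbus_detailed.values
zeek_modbus_mask_write_register=require:zeek_modbus_mask_write_register;title:Zeek modbus_mask_write_register.log;fields:zeek_modbus_mask_write_register.unit_id,zeek_modbus_mask_write_register.func,zeek_modbus_mask_write_register.network_direction,zeek_modbus_mask_write_register.address,zeek_modbus_mask_write_register.and_mask,zeek_modbus_mask_write_register.or_mask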
zeek_modbus_read_write_multiple_registers=require:zeek_modbus_read_write_multiple_registers;title:Zeek modbus_read_write_multiple_registers.log;fields:zeek_modbus_read_write_multiple_registers.unit_id,zeek_modbus_read_write_multiple_registers.func,zeek_modbus_read_write_multiple_registers.network_direction,zeek_modbus_read_write_multiple_registers.write_start_address,zeek_modbus_read_write_multiple_registers.write_registers,zeek_modbus_read_write_multiple_registers.read_start_address,zeek_modbus_read_write_multiple_registers.read_quantity,zeek_modbus_read_write_multiple_registers.read_registers
zeek_modbus_register_change=require:zeek_modbus_register_change;title:Zeek modbus_register_change.log;fields:zeek_modbus_register_change.register,zeek_modbus_register_change.old_val,zeek_modbus_register_change.new_val,zeek_modbus_register_change.delta
# NOTE(review): will_payload / payload render raw MQTT message bodies; depending on the
# monitored environment these can carry device credentials or personal data — confirm
# the viewer audience is appropriate before exposing them.
zeek_mqtt_connect=require:zeek_mqtt_connect;title:Zeek mqtt_connect.log;fields:zeek_mqtt_connect.proto_name,zeek_mqtt_connect.proto_version,zeek_mqtt_connect.client_id,zeek_mqtt_connect.connect_status,zeek_mqtt_connect.will_topic,zeek_mqtt_connect.will_payload
zeek_mqtt_publish=require:zeek_mqtt_publish;title:Zeek mqtt_publish.log;fields:zeek_mqtt_publish.from_client,zeek_mqtt_publish.retain,zeek_mqtt_publish.qos,zeek_mqtt_publish.status,zeek_mqtt_publish.topic,zeek_mqtt_publish.payload,zeek_mqtt_publish.payload_len
zeek_mqtt_subscribe=require:zeek_mqtt_subscribe;title:Zeek mqtt_subscribe.log;fields:zeek_mqtt_subscribe.action,zeek_mqtt_subscribe.topics,zeek_mqtt_subscribe.qos_levels,zeek_mqtt_subscribe.granted_qos_level,zeek_mqtt_subscribe.ack
zeek_mysql=require:zeek_mysql;title:Zeek mysql.log;fields:zeek_mysql.cmd,zeek_mysql.arg,zeek_mysql.success,zeek_mysql.rows,zeek_mysql.response
zeek_notice=require:zeek_notice;title:Zeek notice.log;fields:zeek_notice.file_mime_type,zeek_notice.file_desc,zeek_notice.note,zeek_notice.msg,zeek_notice.sub,zeek_notice.src,zeek_notice.dst,zeek_notice.p,zeek_notice.n,zeek_notice.peer_descr,zeek_notice.actions,zeek_notice.suppress_for,zeek_notice.dropped,zeek_notice.remote_location_country_code,zeek_notice.remote_location_region,zeek_notice.remote_location_latitude,zeek_notice.remote_location_longitude,zeek_notice.category,zeek_notice.sub_category
zeek_ntlm=require:zeek_ntlm;title:Zeek ntlm.log;fields:zeek_ntlm.host,zeek_ntlm.domain,zeek_ntlm.success,zeek_ntlm.status,zeek_ntlm.server_nb_computer,zeek_ntlm.server_dns_computer,zeek_ntlm.server_tree
zeek_ntp=require:zeek_ntp;title:Zeek ntp.log;fields:zeek_ntp.version,zeek_ntp.mode,zeek_ntp.mode_str,zeek_ntp.stratum,zeek_ntp.poll,zeek_ntp.precision,zeek_ntp.root_delay,zeek_ntp.root_disp,zeek_ntp.ref_id,zeek_ntp.ref_time,zeek_ntp.org_time,zeek_ntp.rec_time,zeek_ntp.xmt_time,zeek_ntp.num_exts
# PE header flags (uses_aslr/uses_dep/uses_code_integrity/uses_seh, has_cert_table) are the
# quick triage columns for executables seen on the wire.
zeek_pe=require:zeek_pe;title:Zeek pe.log;fields:zeek_pe.machine,zeek_pe.compile_ts,zeek_pe.os,zeek_pe.subsystem,zeek_pe.is_exe,zeek_pe.is_64bit,zeek_pe.uses_aslr,zeek_pe.uses_dep,zeek_pe.uses_code_integrity,zeek_pe.uses_seh,zeek_pe.has_import_table,zeek_pe.has_export_table,zeek_pe.has_cert_table,zeek_pe.has_debug_data,zeek_pe.section_names
zeek_profinet=require:zeek_profinet;title:Zeek profinet.log;fields:zeek_profinet.operation_type,zeek_profinet.block_version,zeek_profinet.slot_number,zeek_profinet.subslot_number,zeek_profinet.index
zeek_profinet_dce_rpc=require:zeek_profinet_dce_rpc;title:Zeek profinet_dce_rpc.log;fields:zeek_profinet_dce_rpc.version,zeek_profinet_dce_rpc.packet_type,zeek_profinet_dce_rpc.object_uuid,zeek_profinet_dce_rpc.interface_uuid,zeek_profinet_dce_rpc.activity_uuid,zeek_profinet_dce_rpc.server_boot_time,zeek_profinet_dce_rpc.operation
zeek_radius=require:zeek_radius;title:Zeek radius.log;fields:zeek_radius.mac,zeek_radius.framed_addr,zeek_radius.tunnel_client,zeek_radius.connect_info,zeek_radius.reply_msg,zeek_radius.result,zeek_radius.ttl
# NOTE(review): zeek_rdp.cookie is the client's routing cookie, which in practice usually
# carries the login user name — treat it as identity data when deciding who may see it.
zeek_rdp=require:zeek_rdp;title:Zeek rdp.log;fields:zeek_rdp.cookie,zeek_rdp.result,zeek_rdp.security_protocol,zeek_rdp.client_channels,zeek_rdp.keyboard_layout,zeek_rdp.client_build,zeek_rdp.client_name,zeek_rdp.client_dig_product_id,zeek_rdp.desktop_width,zeek_rdp.desktop_height,zeek_rdp.requested_color_depth,zeek_rdp.cert_type,zeek_rdp.cert_count,zeek_rdp.cert_permanent,zeek_rdp.encryption_level,zeek_rdp.encryption_method
zeek_rfb=require:zeek_rfb;title:Zeek rfb.log;fields:zeek_rfb.client_major_version,zeek_rfb.client_minor_version,zeek_rfb.server_major_version,zeek_rfb.server_minor_version,zeek_rfb.authentication_method,zeek_rfb.auth,zeek_rfb.share_flag,zeek_rfb.desktop_name,zeek_rfb.width,zeek_rfb.height
zeek_s7comm=require:zeek_s7comm;title:Zeek s7comm.log;fields:zeek_s7comm.rosctr,zeek_s7comm.parameter,zeek_s7comm.parameters.class,zeek_s7comm.parameters.code,zeek_s7comm.parameters.group,zeek_s7comm.parameters.mode,zeek_s7comm.parameters.sub,zeek_s7comm.parameters.type,zeek_s7comm.item_count,zeek_s7comm.data_info
zeek_signatures=require:zeek_signatures;title:Zeek signatures.log;fields:zeek_signatures.note,zeek_signatures.signature_id,zeek_signatures.engine,zeek_signatures.event_message,zeek_signatures.sub_message,zeek_signatures.signature_count,zeek_signatures.host_count
zeek_sip=require:zeek_sip;title:Zeek sip.log;fields:zeek_sip.trans_depth,zeek_sip.method,zeek_sip.uri,zeek_sip.date,zeek_sip.request_from,zeek_sip.request_to,zeek_sip.response_from,zeek_sip.response_to,zeek_sip.reply_to,zeek_sip.call_id,zeek_sip.seq,zeek_sip.subject,zeek_sip.request_path,zeek_sip.response_path,zeek_sip.user_agent,zeek_sip.status_code,zeek_sip.status_msg,zeek_sip.warning,zeek_sip.request_body_len,zeek_sip.response_body_len,zeek_sip.content_type,zeek_sip.version
zeek_smb_cmd=require:zeek_smb_cmd;title:Zeek smb_cmd.log;fields:zeek_smb_cmd.command,zeek_smb_cmd.sub_command,zeek_smb_cmd.argument,zeek_smb_cmd.status,zeek_smb_cmd.rtt,zeek_smb_cmd.version,zeek_smb_cmd.user,zeek_smb_cmd.tree,zeek_smb_cmd.tree_service
zeek_smb_files=require:zeek_smb_files;title:Zeek smb_files.log;fields:zeek_smb_files.action,zeek_smb_files.path,zeek_smb_files.name,zeek_smb_files.size,zeek_smb_files.prev_name,zeek_smb_files.times_modified,zeek_smb_files.times_accessed,zeek_smb_files.times_created,zeek_smb_files.times_changed,zeek_smb_files.data_offset_req,zeek_smb_files.data_len_req,zeek_smb_files.data_len_rsp
zeek_smb_mapping=require:zeek_smb_mapping;title:Zeek smb_mapping.log;fields:zeek_smb_mapping.path,zeek_smb_mapping.resource_type,zeek_smb_mapping.native_file_system,zeek_smb_mapping.share_type
zeek_smtp=require:zeek_smtp;title:Zeek smtp.log;fields:zeek_smtp.trans_depth,zeek_smtp.helo,zeek_smtp.mailfrom,zeek_smtp.rcptto,zeek_smtp.date,zeek_smtp.from,zeek_smtp.to,zeek_smtp.cc,zeek_smtp.reply_to,zeek_smtp.msg_id,zeek_smtp.in_reply_to,zeek_smtp.subject,zeek_smtp.x_originating_ip,zeek_smtp.first_received,zeek_smtp.second_received,zeek_smtp.last_reply,zeek_smtp.last_reply_code,zeek_smtp.last_reply_msg,zeek_smtp.path,zeek_smtp.user_agent,zeek_smtp.tls,zeek_smtp.is_webmail
# NOTE(review): zeek_snmp.community is the SNMP community string, i.e. the shared secret
# for SNMPv1/v2c — this view is credential-bearing and the string is typically reusable
# for SET access on the same devices.
zeek_snmp=require:zeek_snmp;title:Zeek snmp.log;fields:zeek_snmp.duration,zeek_snmp.version,zeek_snmp.community,zeek_snmp.get_requests,zeek_snmp.get_bulk_requests,zeek_snmp.get_responses,zeek_snmp.set_requests,zeek_snmp.display_string,zeek_snmp.up_since
zeek_socks=require:zeek_socks;title:Zeek socks.log;fields:zeek_socks.version,zeek_socks.server_status,zeek_socks.request_host,zeek_socks.request_name,zeek_socks.request_port,zeek_socks.bound_host,zeek_socks.bound_name,zeek_socks.bound_port
zeek_software=require:zeek_software;title:Zeek software.log;fields:zeek_software.software_type,zeek_software.name,zeek_software.version_major,zeek_software.version_minor,zeek_software.version_minor2,zeek_software.version_minor3,zeek_software.version_addl,zeek_software.unparsed_version
zeek_ssh=require:zeek_ssh;title:Zeek ssh.log;fields:zeek_ssh.version,zeek_ssh.auth_success,zeek_ssh.auth_attempts,zeek_ssh.direction,zeek_ssh.client,zeek_ssh.server,zeek_ssh.cipher_alg,zeek_ssh.mac_alg,zeek_ssh.compression_alg,zeek_ssh.kex_alg,zeek_ssh.host_key_alg,zeek_ssh.host_key,zeek_ssh.remote_location_country_code,zeek_ssh.remote_location_region,zeek_ssh.remote_location_city,zeek_ssh.remote_location_latitude,zeek_ssh.remote_location_longitude,zeek_ssh.hassh,zeek_ssh.hasshServer,zeek_ssh.hasshAlgorithms,zeek_ssh.hasshServerAlgorithms,zeek_ssh.cshka,zeek_ssh.sshka
# Server-side subject/issuer columns carry the extra description/postalCode/street (subject)
# and DC (issuer) attributes; the client_* counterparts list a smaller set.  Whether that
# asymmetry is intentional cannot be told from here — the zeek_ssl field definitions are
# outside this section.
zeek_ssl=require:zeek_ssl;title:Zeek ssl.log;fields:zeek_ssl.ssl_version,zeek_ssl.cipher,zeek_ssl.curve,zeek_ssl.server_name,zeek_ssl.resumed,zeek_ssl.last_alert,zeek_ssl.next_protocol,zeek_ssl.established,zeek_ssl.ja3,zeek_ssl.ja3_desc,zeek_ssl.ja3s,zeek_ssl.ja3s_desc,zeek_ssl.cert_chain_fuids,zeek_ssl.client_cert_chain_fuids,zeek_ssl.subject.CN,zeek_ssl.subject.C,zeek_ssl.subject.O,zeek_ssl.subject.OU,zeek_ssl.subject.ST,zeek_ssl.subject.SN,zeek_ssl.subject.L,zeek_ssl.subject.GN,zeek_ssl.subject.pseudonym,zeek_ssl.subject.serialNumber,zeek_ssl.subject.title,zeek_ssl.subject.initials,zeek_ssl.subject.emailAddress,zeek_ssl.subject.description,zeek_ssl.subject.postalCode,zeek_ssl.subject.street,zeek_ssl.client_subject.CN,zeek_ssl.client_subject.C,zeek_ssl.client_subject.O,zeek_ssl.client_subject.OU,zeek_ssl.client_subject.ST,zeek_ssl.client_subject.SN,zeek_ssl.client_subject.L,zeek_ssl.client_subject.GN,zeek_ssl.client_subject.pseudonym,zeek_ssl.client_subject.serialNumber,zeek_ssl.client_subject.title,zeek_ssl.client_subject.initials,zeek_ssl.client_subject.emailAddress,zeek_ssl.issuer.CN,zeek_ssl.issuer.C,zeek_ssl.issuer.O,zeek_ssl.issuer.OU,zeek_ssl.issuer.ST,zeek_ssl.issuer.SN,zeek_ssl.issuer.L,zeek_ssl.issuer.DC,zeek_ssl.issuer.GN,zeek_ssl.issuer.pseudonym,zeek_ssl.issuer.serialNumber,zeek_ssl.issuer.title,zeek_ssl.issuer.initials,zeek_ssl.issuer.emailAddress,zeek_ssl.client_issuer.CN,zeek_ssl.client_issuer.C,zeek_ssl.client_issuer.O,zeek_ssl.client_issuer.OU,zeek_ssl.client_issuer.ST,zeek_ssl.client_issuer.SN,zeek_ssl.client_issuer.L,zeek_ssl.client_issuer.DC,zeek_ssl.client_issuer.GN,zeek_ssl.client_issuer.pseudonym,zeek_ssl.client_issuer.serialNumber,zeek_ssl.client_issuer.title,zeek_ssl.client_issuer.initials,zeek_ssl.client_issuer.emailAddress,zeek_ssl.validation_status
zeek_syslog=require:zeek_syslog;title:Zeek syslog.log;fields:zeek_syslog.facility,zeek_syslog.severity,zeek_syslog.message
zeek_tds=require:zeek_tds;title:Zeek tds.log;fields:zeek_tds.command
# NOTE(review): tds_rpc.parameters and tds_sql_batch.query show raw SQL text and RPC
# arguments; string literals in them may include secrets (e.g. CREATE LOGIN ... WITH
# PASSWORD) — same audience caveat as the HTTP credential fields.
zeek_tds_rpc=require:zeek_tds_rpc;title:Zeek tds_rpc.log;fields:zeek_tds_rpc.procedure_name,zeek_tds_rpc.parameters
zeek_tds_sql_batch=require:zeek_tds_sql_batch;title:Zeek tds_sql_batch.log;fields:zeek_tds_sql_batch.header_type,zeek_tds_sql_batch.query
zeek_tftp=require:zeek_tftp;title:Zeek tftp.log;fields:zeek_tftp.block_acked,zeek_tftp.block_sent,zeek_tftp.error_code,zeek_tftp.error_msg,zeek_tftp.fname,zeek_tftp.mode,zeek_tftp.size,zeek_tftp.uid_data,zeek_tftp.wrq
zeek_tunnel=require:zeek_tunnel;title:Zeek tunnel.log;fields:zeek_tunnel.tunnel_type,zeek_tunnel.action
zeek_weird=require:zeek_weird;title:Zeek weird.log;fields:zeek_weird.name,zeek_weird.addl,zeek_weird.notice,zeek_weird.peer
zeek_wireguard=require:zeek_wireguard;title:Zeek wireguard.log;fields:zeek_wireguard.established,zeek_wireguard.initiations,zeek_wireguard.responses
# Column order mirrors the zeek_x509.* custom-field definitions earlier in this file; the
# *_full subject/issuer strings are defined as fields but intentionally not listed here
# (the per-attribute columns cover them).
zeek_x509=require:zeek_x509;title:Zeek x509.log;fields:zeek_x509.certificate_version,zeek_x509.certificate_serial,zeek_x509.certificate_subject.CN,zeek_x509.certificate_subject.C,zeek_x509.certificate_subject.O,zeek_x509.certificate_subject.OU,zeek_x509.certificate_subject.ST,zeek_x509.certificate_subject.SN,zeek_x509.certificate_subject.L,zeek_x509.certificate_subject.DC,zeek_x509.certificate_subject.GN,zeek_x509.certificate_subject.pseudonym,zeek_x509.certificate_subject.serialNumber,zeek_x509.certificate_subject.title,zeek_x509.certificate_subject.initials,zeek_x509.certificate_subject.emailAddress,zeek_x509.certificate_subject.description,zeek_x509.certificate_subject.postalCode,zeek_x509.certificate_subject.street,zeek_x509.certificate_issuer.CN,zeek_x509.certificate_issuer.DC,zeek_x509.certificate_issuer.C,zeek_x509.certificate_issuer.O,zeek_x509.certificate_issuer.OU,zeek_x509.certificate_issuer.ST,zeek_x509.certificate_issuer.SN,zeek_x509.certificate_issuer.L,zeek_x509.certificate_issuer.GN,zeek_x509.certificate_issuer.pseudonym,zeek_x509.certificate_issuer.serialNumber,zeek_x509.certificate_issuer.title,zeek_x509.certificate_issuer.initials,zeek_x509.certificate_issuer.emailAddress,zeek_x509.certificate_not_valid_before,zeek_x509.certificate_not_valid_after,zeek_x509.certificate_key_alg,zeek_x509.certificate_sig_alg,zeek_x509.certificate_key_type,zeek_x509.certificate_key_length,zeek_x509.certificate_exponent,zeek_x509.certificate_curve,zeek_x509.san_dns,zeek_x509.san_uri,zeek_x509.san_email,zeek_x509.san_ip,zeek_x509.basic_constraints_ca,zeek_x509.basic_constraints_path_len