Merge remote-tracking branch 'origin/topic/bbannier/pr-107'

zeek · Nov 30, 2021 · 2e5a185 · 2e5a185
2 parents 1ec3d31 + abc73af
commit 2e5a185
Show file tree

Hide file tree

Showing 127 changed files with 15 additions and 8,447 deletions.
diff --git a/.cirrus.yml b/.cirrus.yml
@@ -50,6 +50,7 @@ zkg_macos_task:
 
   prepare_script:
     - pip3 install zkg btest
+    - zkg refresh
     - zkg autoconfig && echo "@load packages" >>"$(zeek-config --site_dir)"/local.zeek
     # --force avoids prompts
     - zkg install --force --skiptests spicy-plugin

diff --git a/CHANGES b/CHANGES
@@ -1,3 +1,7 @@
+0.2.28-12 | 2021-11-30 15:02:42 +0100
+
+  * Deprecate analyzers. (Keith Jones, Corelight)
+
 0.2.28-10 | 2021-11-30 12:45:11 +0100
 
   * Run macos CI against latest Spicy release instead of HEAD. (Benjamin Bannier, Corelight)

diff --git a/README.md b/README.md
@@ -11,15 +11,15 @@ Currently, the following analyzers are included:
 - DNS <sup>[1]</sup>
 - [Facefish Rootkit](https://github.com/zeek/spicy-analyzers/tree/main/analyzer/facefish_rootkit)
 - HTTP <sup>[1]</sup>
-- [IPSec](https://github.com/zeek/spicy-analyzers/tree/main/analyzer/ipsec)
+- [IPSec](http://github.com/corelight/zeek-spicy-ipsec)
 - LDAP
-- [OpenVPN](https://github.com/zeek/spicy-analyzers/tree/main/analyzer/openvpn)
+- [OpenVPN](http://github.com/corelight/zeek-spicy-openvpn)
 - PNG
 - Portable Executable (PE) <sup>[2]</sup>
-- [STUN](https://github.com/zeek/spicy-analyzers/tree/main/analyzer/stun)
-- [Tailscale VPN](https://github.com/zeek/spicy-analyzers/tree/main/analyzer/tailscale)
+- [STUN](http://github.com/corelight/zeek-spicy-stun)
+- [Tailscale VPN](http://github.com/corelight/zeek-spicy-wireguard)
 - TFTP
-- Wireguard
+- [Wireguard](http://github.com/corelight/zeek-spicy-wireguard)
 - ZIP archives
 
 We are working to expand this set. If you have written a Spicy

diff --git a/analyzer/CMakeLists.txt b/analyzer/CMakeLists.txt
@@ -4,16 +4,10 @@ set(PACKAGE_NAME "spicy-analyzers")
 
 add_subdirectory(dhcp)
 add_subdirectory(dns)
-add_subdirectory(facefish_rootkit)
 add_subdirectory(http)
-add_subdirectory(ipsec)
-add_subdirectory(openvpn)
 add_subdirectory(pe)
 add_subdirectory(png)
-add_subdirectory(stun)
-add_subdirectory(tailscale)
 add_subdirectory(tftp)
-add_subdirectory(wireguard)
 add_subdirectory(zip)
 
 install(FILES __load__.zeek DESTINATION "${SPICY_SCRIPTS_OUTPUT_DIR_INSTALL}/${PACKAGE_NAME}/")
diff --git a/analyzer/__load__.zeek b/analyzer/__load__.zeek
@@ -2,12 +2,6 @@
 
 @load ./dhcp
 @load ./dns
-@load ./facefish_rootkit
 @load ./http
-@load ./ipsec
-@load ./openvpn
 @load ./png
-@load ./stun
-@load ./tailscale
 @load ./tftp
-@load ./wireguard
diff --git a/analyzer/facefish_rootkit/CMakeLists.txt b/analyzer/facefish_rootkit/CMakeLists.txt
diff --git a/analyzer/facefish_rootkit/Readme.md b/analyzer/facefish_rootkit/Readme.md
diff --git a/analyzer/facefish_rootkit/__load__.zeek b/analyzer/facefish_rootkit/__load__.zeek
diff --git a/analyzer/facefish_rootkit/consts.zeek b/analyzer/facefish_rootkit/consts.zeek
diff --git a/analyzer/facefish_rootkit/dpd.sig b/analyzer/facefish_rootkit/dpd.sig
diff --git a/analyzer/facefish_rootkit/facefish_rootkit.evt b/analyzer/facefish_rootkit/facefish_rootkit.evt
diff --git a/analyzer/facefish_rootkit/facefish_rootkit.spicy b/analyzer/facefish_rootkit/facefish_rootkit.spicy
diff --git a/analyzer/facefish_rootkit/facefish_rootkit_zeek.spicy b/analyzer/facefish_rootkit/facefish_rootkit_zeek.spicy
diff --git a/analyzer/facefish_rootkit/main.zeek b/analyzer/facefish_rootkit/main.zeek
diff --git a/analyzer/ipsec/CMakeLists.txt b/analyzer/ipsec/CMakeLists.txt
diff --git a/analyzer/ipsec/LICENSE.3rdparty b/analyzer/ipsec/LICENSE.3rdparty
diff --git a/analyzer/ipsec/Readme.md b/analyzer/ipsec/Readme.md
diff --git a/analyzer/ipsec/__load__.zeek b/analyzer/ipsec/__load__.zeek