base/bif/plugins/Bro_SSH.events.bif.bro
- GLOBAL
| Namespace: | GLOBAL |
|---|---|
| Source File: | /scripts/base/bif/plugins/Bro_SSH.events.bif.bro |
Summary
Events
| ssh_client_version: event | Generated when seeing an SSH client’s version identification. |
| ssh_server_version: event | Generated when seeing an SSH server’s version identification. |
Detailed Interface
Events
- ssh_client_version
Type: event (c: connection, version: string) Generated when seeing an SSH client’s version identification. The SSH protocol starts with a clear-text handshake message that reports client and server protocol/software versions. This event provides access to what the client sent.
See Wikipedia for more information about the SSH protocol.
C: The connection. Version: The version string the client sent (e.g., SSH-2.0-libssh-0.11). See also: ssh_server_version
Note
As everything after the initial version handshake proceeds encrypted, Bro cannot further analyze SSH sessions.
- ssh_server_version
Type: event (c: connection, version: string) Generated when seeing an SSH server’s version identification. The SSH protocol starts with a clear-text handshake message that reports client and server protocol/software versions. This event provides access to what the server sent.
See Wikipedia for more information about the SSH protocol.
C: The connection. Version: The version string the server sent (e.g., SSH-1.99-OpenSSH_3.9p1). See also: ssh_client_version
Note
As everything coming after the initial version handshake proceeds encrypted, Bro cannot further analyze SSH sessions.
