Zeek Package Documentation: Windows Version Detection

Package README

The top-level README has information on how to install and test this Zeek Package.

Zeek Package

For Zeek scripting details, such as options, functions and events, see the auto-generated documentation:

__load__.zeek

This is the entrypoint to loading the entire package.

main.zeek

Windows systems periodically access a Microsoft Certificate Revocation List (CRL). The user agent for these requests reveals which version of Crypt32.dll is installed on the system, which can uniquely identify the version of Windows that’s running.

This script will log the version of Windows that was identified to the Software framework.
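A sketch of the technique described above, added here as an illustration and not taken from the package's main.zeek. It assumes CryptoAPI requests carry a `Microsoft-CryptoAPI/<version>` user agent; the module name, the `WINDOWS_CRYPTOAPI` software type and the coarse version table are hypothetical.

```zeek
@load base/protocols/http
@load base/frameworks/software

module CryptoAPIExample;   # hypothetical module name

export {
	# Hypothetical software type used only by this example.
	redef enum Software::Type += { WINDOWS_CRYPTOAPI };

	# Coarse NT major.minor -> Windows release mapping (assumed for
	# illustration; a table keyed on full Crypt32.dll builds is finer-grained).
	const nt_release: table[string] of string = {
		["6.0"] = "Windows Vista / Server 2008",
		["6.1"] = "Windows 7 / Server 2008 R2",
		["6.2"] = "Windows 8 / Server 2012",
		["6.3"] = "Windows 8.1 / Server 2012 R2",
		["10.0"] = "Windows 10 or later",
	} &default="Windows (unrecognized CryptoAPI version)" &redef;
}

event http_header(c: connection, is_orig: bool, name: string, value: string)
	{
	# Only client request headers matter; Zeek upper-cases the header name.
	if ( ! is_orig || name != "USER-AGENT" )
		return;

	# Exact match on the whole header value, so browsers and other
	# clients that merely mention the string are ignored.
	if ( /Microsoft-CryptoAPI\/[0-9]+(\.[0-9]+)*/ != value )
		return;

	# Reduce e.g. "10.0.19041.1" to the "10.0" lookup key.
	local ver = split_string1(value, /\//)[1];
	local parts = split_string(ver, /\./);
	local key = |parts| > 1 ? fmt("%s.%s", parts[0], parts[1]) : ver;

	# Pass an explicit $version so the framework keeps our $name instead
	# of re-deriving it from the raw user agent string.
	Software::found(c$id, Software::Info($host=c$id$orig_h,
	                                     $software_type=WINDOWS_CRYPTOAPI,
	                                     $name=nt_release[key],
	                                     $version=Software::parse(value)$version,
	                                     $unparsed_version=value));
	}
```

Entries appear in software.log only for hosts covered by `Software::asset_tracking`, which defaults to local hosts.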

local/__load__.zeek

Site-specific customizations go here.