
**This is an old revision of the document!** ----


====== Getting started with Trisul LUA Scripting ======

Using plain LuaJIT you can extend Trisul's functionality in a number of ways.

===== Concepts =====

  * [[https://github.com/trisulnsm/trisul-scripts/tree/master/lua/skeletons|Skeleton Lua scripts]] you can copy and fill out
  * [[https://www.trisul.org/docs/lua/selector.html|LUA Script selector]] - to help you pick the type of scripting API you need to use to accomplish a variety of tasks
  * [[scripting:introbro|Bro IDS scripting vs Trisul scripting]]
  * [[lua:structure|How to structure your scripts]]

===== Tutorials =====

Links to step by step tutorials

  * **Tutorial 1** : [[https://www.trisul.org/docs/lua/tutorial1.html|A Hello World]]
  * **Tutorial 2** : A [[https://www.trisul.org/docs/lua/tutorial2.html|packet length counter]]
  * **Tutorial 3** : A basic TCP [[https://github.com/trisulnsm/trisul-scripts/tree/master/lua/tutorial/tutorial3|based DNP3 analyzer]]
  * **Tutorial 4** : A step-by-step guide to working with resources (Logs) [[https://github.com/trisulnsm/trisul-scripts/tree/master/lua/tutorial/tutorial4|by writing a URLHaus IOC checker]]

===== LuaJIT tips =====

[[lua:jittips|LuaJIT performance tips]]

===== Script examples =====

Explains various programming techniques with real examples.

==== UA-Parser ====

[[lua:ua-parser|Trisul script to use UA-Parser regex to track HTTP User Agents]]

==== QUIC analyzer ====

A G-QUIC (Google QUIC) analyzer that parses a UDP-443 protocol, extracts indicators, and certificates. Learn how to use LuaJIT FFI to work with decompression, BITMAUL to parse protocols, etc.

[[lua:quic|Explains the Trisul Google QUIC protocol analyzer script]]

lua/start.1545482368.txt.gz · Last modified: 2018/12/22 12:39 by veera