CESNET · petrmiculek · May 28, 2019 · May 28, 2019 · May 28, 2019 · May 30, 2019
diff --git a/Makefile.am b/Makefile.am
@@ -1,5 +1,4 @@
 ACLOCAL_AMFLAGS = -I m4
-
 SUBDIRS=amplification_detection \
 	blacklistfilter \
 	blacklistfilter/adaptive_filter \
@@ -51,7 +50,7 @@ deb:
 	make distdir && cd nemea-detectors-@VERSION@ && debuild -i -us -uc -b
 else
 endif
-	
+
 deb-clean:
 	rm -rf nemea-detectors_*.build* nemea-detectors_*.changes nemea-detectors*.deb nemea-detectors_*.orig.tar.gz nemea-detectors-*.tar.gz nemea-detectors-@VERSION@
 

diff --git a/README.md b/README.md
@@ -5,8 +5,14 @@ This repository contains modules with the following detection capabilities:
 
 * [amplification_detection](amplification_detection): universal detector of DNS/NTP/... amplification attacks
 * [blacklistfilter](blacklistfilter): module that checks whether observed IP addresses are listed in any of given public-available blacklists
+* [brute_force_detector](brute_force_detector): detector of brute-force attacks over SSH, RDP and TELNET.
+* [ddos_detector](ddos_detector): detector of DDoS attacks
+* [haddrscan_detector](haddrscan_detector): detector of horizontal scans
 * [hoststatsnemea](hoststatsnemea): universal detection module based on computation of statistics about hosts, it can detect some types of DoS, DDoS, scanning
+* [miner_detector](miner_detector): detector of crypto mining hosts.
 * [sip_bf_detector](sip_bf_detector): detector of brute-force attacks attempting to breach passwords of users on SIP (Session Initiation Protocol) devices
+* [smtp_spam_detector](smtp_spam_detector): detector of spam sources
 * [tunnel_detection](tunnel_detection): detector of communication tunnels over DNS (e.g. using iodine or tcp2dns)
 * [voip_fraud_detection](voip_fraud_detection): detector of guessing dial scheme of Session Initiation Protocol (SIP)
 * [vportscan_detector](vportscan_detector): detector of vertical scans based on TCP SYN
+* [waintrusion_detector](waintrusion_detector): detector of attacks on web applications
diff --git a/brute_force_detector/Makefile.am b/brute_force_detector/Makefile.am
@@ -1,4 +1,3 @@
-
 bin_PROGRAMS=brute_force_detector
 brute_force_detector_SOURCES=telnet_server_profile.cpp telnet_server_profile.h record.h record.cpp brute_force_detector.h brute_force_detector.cpp config.h config.cpp host.h host.cpp sender.h sender.cpp whitelist.cpp whitelist.h fields.c fields.h
 whitelist_unit_test_SOURCES=whitelist_unit_test.cpp whitelist.h whitelist.cpp

diff --git a/brute_force_detector/README.md b/brute_force_detector/README.md
@@ -46,13 +46,8 @@ Unirec template for output interface is `DETECTION_TIME,WARDEN_TYPE,SRC_IP,PROTO
 * `PROTOCOL` : TCP protocol number
 * `DST_PORT` : Port of the attacked service
 * `EVENT_SCALE` : Scale of the detected event
-* `NOTE` : This field contains (comma is used as separator):
-  1. Total number of targets since start of the attack from both 
-directions separated by a dash  
-  2. Flag if the scan is performed
-  3. Number of suspicious flows from both directions and since 
-last report separated by a dash 
-
+* `NOTE` : This field contains (comma is used as separator):   
+  "I: (list of incoming attacker IPs), O: (list of outgoing attacked IPs)" 
 
 How to use
 ----------