From 209a560cc68cc197546c2449651de99a21eddd1e Mon Sep 17 00:00:00 2001
From: Jan Grashoefer <jan.grashoefer@gmail.com>
Date: Thu, 9 Feb 2017 19:36:05 +0100
Subject: [PATCH] Fixed intel expiration reset.

Reinserting the same indicator did not reset the expiration timer for
the indicator in the underlying data store.

Addresses BIT-1790
---
 scripts/base/frameworks/intel/main.bro | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/scripts/base/frameworks/intel/main.bro b/scripts/base/frameworks/intel/main.bro
index aa51af5ee0..30f9a6bf75 100644
--- a/scripts/base/frameworks/intel/main.bro
+++ b/scripts/base/frameworks/intel/main.bro
@@ -407,7 +407,11 @@ function insert(item: Item)
 			if ( host !in data_store$host_data )
 				data_store$host_data[host] = table();
 			else
+				{
 				is_new = F;
+				# Reset expiration timer.
+				data_store$host_data[host] = data_store$host_data[host];
+				}
 
 			meta_tbl = data_store$host_data[host];
 			}
@@ -422,7 +426,11 @@ function insert(item: Item)
 			if ( !check_subnet(net, data_store$subnet_data) )
 				data_store$subnet_data[net] = table();
 			else
+				{
 				is_new = F;
+				# Reset expiration timer.
+				data_store$subnet_data[net] = data_store$subnet_data[net];
+				}
 
 			meta_tbl = data_store$subnet_data[net];
 			}
@@ -436,7 +444,12 @@ function insert(item: Item)
 			if ( [lower_indicator, item$indicator_type] !in data_store$string_data )
 				data_store$string_data[lower_indicator, item$indicator_type] = table();
 			else
+				{
 				is_new = F;
+				# Reset expiration timer.
+				data_store$string_data[lower_indicator, item$indicator_type] =
+					data_store$string_data[lower_indicator, item$indicator_type];
+				}
 
 			meta_tbl = data_store$string_data[lower_indicator, item$indicator_type];
 			}