Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

coalesce smtp handlers for ADDR

Browse source
This commit is contained in:
Mohan Dhawan 2025-04-29 16:30:31 +05:30
parent 8314b18092
commit 36c4d112c8
No known key found for this signature in database
GPG key ID: 2CC5E879082AAC58
1 changed files with 1 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

8
scripts/policy/frameworks/intel/seen/smtp.zeek
View file

@ -3,7 +3,7 @@
@load base/protocols/smtp @load base/protocols/smtp
@load ./where-locations @load ./where-locations
event mime_end_entity(c: connection) event mime_end_entity(c: connection) &group="Intel::ADDR"
{ {
if ( c?$smtp ) if ( c?$smtp )
{ {
@ -17,13 +17,7 @@ event mime_end_entity(c: connection)
$where=SMTP::IN_RECEIVED_HEADER]); $where=SMTP::IN_RECEIVED_HEADER]);
} }
} }
}
}
event mime_end_entity(c: connection) &group="Intel::ADDR"
{
if ( c?$smtp )
{
if ( c$smtp?$x_originating_ip ) if ( c$smtp?$x_originating_ip )
Intel::seen([$host=c$smtp$x_originating_ip, Intel::seen([$host=c$smtp$x_originating_ip,
$conn=c, $conn=c,