diff --git a/NEWS b/NEWS index eb0ee24ea6..663de15ebb 100644 --- a/NEWS +++ b/NEWS @@ -39,6 +39,26 @@ New Functionality - SMB2 packets containing multiple PDUs now correctly parse all of the headers, instead of just the first one and ignoring the rest. +- The new built-in function ``lookup_connection_analyzer_id()`` retrieves the + numeric identifier of an analyzer associated with a connection. This enables + the use of the ``disable_analyzer()`` BiF outside of the analyzer + confirmation/violation events that have so far been the only providers of + those identifiers. For example, this allows the suppression of an analyzer + from the outset for specific connections: + + event connection_established(c: connection): + { + if ( no_http_for_this_conn_wanted(c) ) + { + local aid = lookup_connection_analyzer_id(c$id, Analyzer::ANALYZER_HTTP); + if ( aid > 0 ) + disable_analyzer(c$id, aid, T, T); + } + } + + Use ``Analyzer::get_tag()`` if you need to obtain an analyzer's tag from its + name (such as "HTTP"). + Changed Functionality --------------------- diff --git a/src/zeek.bif b/src/zeek.bif index 4134e72847..a3d3ff3670 100644 --- a/src/zeek.bif +++ b/src/zeek.bif 
@@ -4121,6 +4121,34 @@ function file_mode%(mode: count%): string
 #include "zeek/analyzer/Manager.h"
 %%}
 
+## Returns the numeric ID of the requested protocol analyzer for the given
+## connection.
+##
+## cid: The connection identifier.
+##
+## atype: The analyzer tag, such as ``Analyzer::ANALYZER_HTTP``.
+##
+## Returns: a numeric identifier for the analyzer, valid for the given
+## connection. When no such analyzer exists the function returns
+## 0, which is never a valid analyzer ID value.
+##
+## .. zeek:see:: disable_analyzer Analyzer::disabling_analyzer
+function lookup_connection_analyzer_id%(cid: conn_id, atype: AllAnalyzers::Tag%): count
+ %{
+ Connection* c = session_mgr->FindConnection(cid);
+ if ( ! c )
+ {
+ zeek::emit_builtin_error("connection ID not a known connection", cid);
+ return zeek::val_mgr->Count(0);
+ }
+
+ analyzer::Analyzer* a = c->FindAnalyzer(analyzer_mgr->GetComponentTag(atype));
+ if ( ! a )
+ return zeek::val_mgr->Count(0);
+
+ return zeek::val_mgr->Count(a->GetID());
+ %}
+
 ## Disables the analyzer which raised the current event (if the analyzer
 ## belongs to the given connection).
 ##
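Review bot: The docstring of `lookup_connection_analyzer_id` describes a "protocol analyzer" lookup, but the parameter is typed `AllAnalyzers::Tag`, which also admits file and packet analyzer tags; the body passes any such value straight through `analyzer_mgr->GetComponentTag(atype)` and relies on `c->FindAnalyzer()` coming back null, which is presumably what happens for a non-protocol tag but is not visible in this hunk. I would state the contract in the doc rather than leave callers to discover it: `## atype: The analyzer tag, such as ``Analyzer::ANALYZER_HTTP``. Only protocol analyzer tags are meaningful here; any other tag yields 0.` The "Returns" paragraph should also say that when a connection carries more than one instance of the requested analyzer, the ID refers to the single instance `FindAnalyzer()` locates (presumably the first match), since a script that feeds this value to `disable_analyzer()` may otherwise assume every instance was disabled. Finally, the unknown-connection branch reports via `emit_builtin_error` while the missing-analyzer branch returns 0 silently; a one-line comment above the second `if ( ! a )` saying that the absence of an analyzer is an expected, non-error outcome would make that asymmetry read as deliberate.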