Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 21:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Add fine-grained groups for Intel events

Browse source
This commit is contained in:
Mohan Dhawan 2025-04-24 23:24:40 +05:30
parent dee6f1421a
commit 8314b18092
No known key found for this signature in database
GPG key ID: 2CC5E879082AAC58
11 changed files with 104 additions and 65 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/policy/frameworks/intel/seen/http-url.zeek
View file

@ -2,7 +2,7 @@
@load base/protocols/http/utils
@load ./where-locations
event http_message_done(c: connection, is_orig: bool, stat: http_message_stat)
event http_message_done(c: connection, is_orig: bool, stat: http_message_stat) &group="Intel::URL"
{
if ( is_orig && c?$http )
Intel::seen([$indicator=HTTP::build_url(c$http),