Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 01:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Updates for the Intel Framework.

Browse source 
- Intel importing format has changed (refer to docs).

 - All string matching is now case insensitive.

 - SMTP intel script has been updated to extract email
   addresses correctly.

 - Small fix sneaking into the smtp base script to actually
   extract individual email addresses in the To: field
   correctly.
This commit is contained in:
Seth Hall 2013-07-19 13:16:12 -04:00
parent 18201afcf8
commit 9b444b2617
17 changed files with 178 additions and 166 deletions
Download patch file Download diff file Expand all files Collapse all files

5
scripts/base/protocols/smtp/main.bro
View file

@ -223,7 +223,10 @@ event mime_one_header(c: connection, h: mime_header_rec) &priority=5
{
if ( ! c$smtp?$to )
c$smtp$to = set();
add c$smtp$to[h$value];
local to_parts = split(h$value, /[[:blank:]]*,[[:blank:]]*/);
for ( i in to_parts )
add c$smtp$to[to_parts[i]];
}
else if ( h$name == "X-ORIGINATING-IP" )