Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 10:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Updates for the Intel Framework.

Browse source 
- Intel importing format has changed (refer to docs).

 - All string matching is now case insensitive.

 - SMTP intel script has been updated to extract email
   addresses correctly.

 - Small fix sneaking into the smtp base script to actually
   extract individual email addresses in the To: field
   correctly.
This commit is contained in:
Seth Hall 2013-07-19 13:16:12 -04:00
parent 18201afcf8
commit 9b444b2617
17 changed files with 178 additions and 166 deletions
Download patch file Download diff file Expand all files Collapse all files

4
scripts/policy/frameworks/intel/http-host-header.bro
View file

@ -4,8 +4,8 @@
event http_header(c: connection, is_orig: bool, name: string, value: string)
{
if ( is_orig && name == "HOST" )
Intel::seen([$str=value,
$str_type=Intel::DOMAIN,
Intel::seen([$indicator=value,
$indicator_type=Intel::DOMAIN,
$conn=c,
$where=HTTP::IN_HOST_HEADER]);
}