Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 02:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge branch 'topic/mareq/quoted-printable' of https://github.com/mareq/bro

Browse source 
Thanks!

Merged https://github.com/bro/bro/pull/7
This commit is contained in:
Robin Sommer 2014-04-24 18:28:58 -07:00
commit b029d18336
8 changed files with 53 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

24
scripts/policy/frameworks/intel/seen/http-headers.bro
View file

@ -8,18 +8,18 @@ event http_header(c: connection, is_orig: bool, name: string, value: string)
{
switch ( name )
{
case "HOST":
if ( is_valid_ip(value) )
Intel::seen([$host=to_addr(value),
$indicator_type=Intel::ADDR,
$conn=c,
$where=HTTP::IN_HOST_HEADER]);
else
Intel::seen([$indicator=value,
$indicator_type=Intel::DOMAIN,
$conn=c,
$where=HTTP::IN_HOST_HEADER]);
break;
case "HOST":
if ( is_valid_ip(value) )
Intel::seen([$host=to_addr(value),
$indicator_type=Intel::ADDR,
$conn=c,
$where=HTTP::IN_HOST_HEADER]);
else
Intel::seen([$indicator=value,
$indicator_type=Intel::DOMAIN,
$conn=c,
$where=HTTP::IN_HOST_HEADER]);
break;
case "REFERER":
Intel::seen([$indicator=sub(value, /^.*:\/\//, ""),