mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
11 lines
307 B
Text
11 lines
307 B
Text
@load base/frameworks/intel
|
|
@load ./where-locations
|
|
|
|
event http_header(c: connection, is_orig: bool, name: string, value: string)
|
|
{
|
|
if ( is_orig && name == "HOST" )
|
|
Intel::seen([$str=value,
|
|
$str_type=Intel::DOMAIN,
|
|
$conn=c,
|
|
$where=HTTP::IN_HOST_HEADER]);
|
|
}
|