zeek/scripts/policy/frameworks/intel/conn-established.bro at 5fa9c5865b6748c642d91a01f3537331ee5747a9 - Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00

Seth Hall 0bcedcd204 Restructuring the scripts that feed data into the intel framework slightly.

2012-09-28 13:25:37 -04:00

8 lines

235 B

Text

Raw Blame History

 @load base/frameworks/intel
 @load ./where-locations
 event connection_established(c: connection)
 	{
 	Intel::seen([$host=c$id$orig_h, $conn=c, $where=Conn::IN_ORIG]);
 	Intel::seen([$host=c$id$resp_h, $conn=c, $where=Conn::IN_RESP]);
 	}