mirror of
https://github.com/zeek/zeek.git
synced 2025-10-04 07:38:19 +00:00
18 lines
488 B
Text
18 lines
488 B
Text
# $Id: tm-http.bro,v 1.1.2.1 2005/11/29 21:39:05 sommer Exp $
|
|
#
|
|
# Requests connections from time-machine for which we have seen a sensitive URI.
|
|
|
|
@load http
|
|
@load time-machine
|
|
|
|
redef notice_policy += {
|
|
[$pred(a: notice_info) =
|
|
{
|
|
if ( a$note == HTTP::HTTP_SensitiveURI &&
|
|
a?$conn && ! is_external_connection(a$conn) )
|
|
TimeMachine::request_connection(a$conn, T, "tm-http");
|
|
return F;
|
|
},
|
|
$result = NOTICE_FILE, # irrelevant, since we always return F
|
|
$priority = 1]
|
|
};
|