@load base/frameworks/intel
@load ./where-locations
# Report the name of each newly seen file to the Intel framework as an
# Intel::FILE_NAME observation, tagged with the Files::IN_NAME location.
#
# f: the file record delivered with the file_new event.
#
# Only a name that is already present in f$info when file_new fires is
# submitted. Whether every file source has populated the name by that
# point is not visible in this script -- confirm before assuming full
# coverage.
# NOTE(review): the filename is presumably metadata taken from the
# transfer itself and so chosen by the sender; treat hits on it as a
# low-confidence signal and corroborate with other indicators -- verify.
event file_new(f: fa_file)
	{
	# No info record, or no recorded name: nothing to look up.
	if ( ! f?$info || ! f$info?$filename )
		return;

	local observation = Intel::Seen($indicator=f$info$filename,
		$indicator_type=Intel::FILE_NAME,
		$f=f,
		$where=Files::IN_NAME);

	Intel::seen(observation);
	}