
- Intel importing format has changed (refer to docs). - All string matching is now case insensitive. - SMTP intel script has been updated to extract email addresses correctly. - Small fix sneaking into the smtp base script to actually extract individual email addresses in the To: field correctly.
@load base/frameworks/intel
@load ./where-locations
# Report both endpoint addresses of a connection to the Intel framework.
#
# Intel::seen() is called only when the originator and the responder
# endpoint are both in TCP_ESTABLISHED. A handshake that never completes
# (for example a SYN-only probe, whose source address may be spoofed)
# therefore produces no lookup from this handler. That keeps such traffic
# from generating hits, but it also means an unanswered attempt to reach
# a listed address is not matched here.
event connection_established(c: connection)
	{
	# Guard clause: nothing to report unless both sides are established.
	if ( c$orig$state != TCP_ESTABLISHED ||
	     c$resp$state != TCP_ESTABLISHED )
		return;

	# Originator address, tagged with the Conn::IN_ORIG location.
	Intel::seen([$host=c$id$orig_h, $conn=c, $where=Conn::IN_ORIG]);

	# Responder address, tagged with the Conn::IN_RESP location.
	Intel::seen([$host=c$id$resp_h, $conn=c, $where=Conn::IN_RESP]);
	}