mirror of
https://github.com/zeek/zeek.git
synced 2025-10-04 23:58:20 +00:00
d89ee3cee0
We now extract email addresses in the fields that one would expect to contain addresses. This makes further downstream processing of these fields easier like log analysis or using these fields in the Intel framework. The primary downside is that any other content in these fields is no longer available such as full name and any group information. I believe the simplification of the content in these fields is worth the change. Added "cc" to the script that feeds information from SMTP into the Intel framework. A new script for email handling utility functions has been created as a side effect of these changes. |
||
|---|---|---|
| .. | ||
| __load__.bro | ||
| conn-established.bro | ||
| dns.bro | ||
| file-hashes.bro | ||
| file-names.bro | ||
| http-headers.bro | ||
| http-url.bro | ||
| pubkey-hashes.bro | ||
| README | ||
| smtp-url-extraction.bro | ||
| smtp.bro | ||
| ssl.bro | ||
| where-locations.bro | ||
| x509.bro | ||
Scripts that send data to the intelligence framework.