@load base/frameworks/intel
@load ./where-locations
# Report both endpoints of a TCP connection to the Intel framework once the
# connection is established.
#
# c: the connection the event was raised for.
#
# Only connections whose originator and responder endpoint states are both
# TCP_ESTABLISHED are reported. For any other state combination the handler
# returns without calling Intel::seen, so addresses that appear only in such
# connections are not submitted from this script.
event connection_established(c: connection)
	{
	# Guard clause: do nothing unless both sides are in TCP_ESTABLISHED.
	if ( c$orig$state != TCP_ESTABLISHED ||
	     c$resp$state != TCP_ESTABLISHED )
		return;

	# Originator address, tagged with the Conn::IN_ORIG location.
	Intel::seen([$host=c$id$orig_h, $conn=c, $where=Conn::IN_ORIG]);

	# Responder address, tagged with the Conn::IN_RESP location.
	Intel::seen([$host=c$id$resp_h, $conn=c, $where=Conn::IN_RESP]);
	}