Pastein: event http_header(c: connection, is_orig: bool, name: string, value: string) { if ( is_orig ) { if ( name == "HOST" && /zapret\.telegram/ in value ) { local f

Загрузка данных

event http_header(c: connection, is_orig: bool, name: string, value: string)
{
    if ( is_orig )
    {
        if ( name == "HOST" && /zapret\.telegram/ in value )
        {
            local f = open_for_append("/tmp/zeek_block_intel.log");
            print f, fmt("HTTP_HOST:%s", value);
            close(f);
        }

        if ( name == "USER-AGENT" && /Windows PowerShell/ in value )
        {
            local f = open_for_append("/tmp/zeek_block_intel.log");
            print f, "HTTP_USERAGENT:Windows PowerShell";
            close(f);
        }
    }
}

Больше возможностей при регистрации: