[Zeek] scan.zeek question - exclude IP addresses

Gordon Wallum glwallum at gmail.com
Thu Feb 13 11:20:45 PST 2020


Hello!

I am new to Zeek and looking to learn more. I am currently using the
scan.zeek script
(https://github.com/zeek/zeek/blob/master/scripts/policy/misc/scan.zeek)
for port scanning detection.

I want to exclude certain source IP addresses from this script, but I am not
sure of the best way to do so. It seems like a comparison with the key$host
variable, but I am not sure where or how to do this logic in Zeek.

Any advice would be appreciated.

Thank you
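
One way to do what the message above asks, as an added example that is not part of the original post: scan.zeek exports two policy hooks, `Scan::addr_scan_policy` and `Scan::port_scan_policy`, which it consults before counting a failed connection attempt, and a handler that executes `break` suppresses that observation. The module name `ScanExclude`, the set name `excluded_scanners` and the addresses in it are assumptions made for this sketch.

```zeek
# Added example: keep chosen sources (for instance, authorized vulnerability
# scanners) out of scan.zeek's address-scan and port-scan detection.
@load misc/scan

module ScanExclude;	# hypothetical module name

export {
	## Sources that should never be counted as scanners.
	## Constructed sample values from documentation ranges; replace them.
	const excluded_scanners: set[subnet] = {
		192.0.2.10/32,
		198.51.100.0/24
	} &redef;
}

# scan.zeek only records the attempt if the hook runs to completion,
# so "break" here drops the observation for an excluded source.
hook Scan::addr_scan_policy(scanner: addr, victim: addr, scanned_port: port)
	{
	if ( scanner in excluded_scanners )
		break;
	}

hook Scan::port_scan_policy(scanner: addr, victim: addr, scanned_port: port)
	{
	if ( scanner in excluded_scanners )
		break;
	}
```

Loaded from a site policy file such as local.zeek, this leaves scan.zeek itself unmodified; because the set is `&redef`, other scripts can extend it with `redef ScanExclude::excluded_scanners += { ... };`.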