Correcting issue with certificates detection

2021-04-24 22:39:02 +02:00
parent 5e29f8c850
commit 27942c224b
1 changed files with 2 additions and 3 deletions
--- a/analysis/classes/zeekengine.py
+++ b/analysis/classes/zeekengine.py
@@ -271,11 +271,10 @@ class ZeekEngine(object):
                        self.files.append(f)

        for f in self.files:
-            if f["mime_type"] == "application/x-x509-ca-cert":
+            if f["mime_type"] == "application/x-x509-user-cert":
                for cert in bl_certs:  # Check for blacklisted certificate.
                    if f["sha1"] == cert[0]:
-                        host = self.resolve(f["ip_dst"])
-                        c["alert_tiggered"] = True
+                        host = self.resolve(f["ip_src"])
                        self.alerts.append({"title": self.template["IOC-07"]["title"].format(cert[1].upper(), host),
                                            "description": self.template["IOC-07"]["description"].format(f["sha1"], host),
                                            "host": host,