From 4f989dcd94fa8d8bcb89a3f1f5d8ee4815392410 Mon Sep 17 00:00:00 2001
From: Eugeny Ablesov <133771006+EvgenyAblesov@users.noreply.github.com>
Date: Mon, 14 Aug 2023 15:14:42 +0300
Subject: [PATCH] Fixed field mapping @ zeekengine.py (#143)

Fixed field mapping @ zeekengine.py: resp_h is destination host, please refer to https://docs.zeek.org/en/current/log-formats.html
---
 analysis/classes/zeekengine.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/analysis/classes/zeekengine.py b/analysis/classes/zeekengine.py
index dc5c19d..15457a3 100644
--- a/analysis/classes/zeekengine.py
+++ b/analysis/classes/zeekengine.py
@@ -270,7 +270,7 @@ class ZeekEngine(object):
 if record is not None:
 f = {"filename": record["filename"],
 "ip_src": record["id.orig_h"],
- "ip_dst": record["id.orig_p"],
+ "ip_dst": record["id.resp_h"],
 "mime_type": record["mime_type"],
 "sha1": record["sha1"]}
 if f not in self.files:
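Review bot: With the corrected mapping, `ip_src` and `ip_dst` in the `f` dict carry the connection originator and responder (`id.orig_h` / `id.resp_h`), which is not necessarily the direction the file travelled: a file downloaded by the monitored device is sent by the responder. A one-line comment above the dict would stop later matching or reporting code from reading `ip_dst` as the file's recipient, for example `# ip_src/ip_dst follow connection direction (originator/responder), not file transfer direction`. Because the old line stored the originator port in `ip_dst`, any check elsewhere that compares this field with IP indicators could not have matched before, so that path, if it exists, is worth exercising with a sample files.log record. The enclosing method starts and ends outside the hunk.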