work in progress for mandiant threat intel integration, cisagov#358

mmguero-dev · Nov 7, 2024 · 45ab9ce · 45ab9ce
1 parent 68f416a
commit 45ab9ce
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/shared/bin/zeek_intel_setup.sh b/shared/bin/zeek_intel_setup.sh
@@ -86,8 +86,9 @@ EOF
             elif [[ -f "${DIR}"/__load__.zeek ]]; then
                 # this intel feed has its own load directive and should take care of itself
                 echo "@load ${DIR}" >> ./__load__.zeek."${INSTANCE_UID}"
-            else
-                # this directory contains "loose" intel files we'll need to load explicitly
+
+            elif [[ "${DIR}" != "./Mandiant" ]]; then
+                # this custom directory contains "loose" intel files we'll need to load explicitly
                 while IFS= read -r line; do
                     LOOSE_INTEL_FILES+=( "$line" )
                 done < <( find "${INTEL_DIR}/${DIR}" -type f ! -name ".*" 2>/dev/null )