[Bro-Dev] #914: topic/seth/intel-framework
Bro Tracker
bro at tracker.bro-ids.org
Wed Oct 31 16:21:37 PDT 2012
#914: topic/seth/intel-framework
----------------------------+------------------------
Reporter: seth | Owner: robin
Type: Merge Request | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Resolution: | Keywords:
----------------------------+------------------------
Comment (by robin):
Good stuff.
Questions:
- why not load the various seen() handlers in base/* rather than policy/*?
  Isn't part of the beauty here that it will just find stuff once intel data
  has been loaded?
- cluster.bro: {{{initial_sync}}} never gets reset; that doesn't seem to
  work if I restart everything except the manager, right?
- {{{match_no_items}}} is not a very intuitive name imo :)
- didn't you have some initial documentation as well, or do I misremember
  that?
- Should scripts/policy/protocols/http/detect-intel.bro go now?
  Likewise, there are old tests in {{{scripts/base/frameworks/intel/}}} that
  use {{{Intel::matcher}}}.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/914#comment:1>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker