[Bro] Alarms in 2.0
JAzoff at albany.edu
Wed Apr 11 14:47:38 PDT 2012
On Wed, Apr 11, 2012 at 03:29:28PM -0600, Tyler T. Schoenke wrote:
> Two questions regarding Alarms in 2.0.
> First, I created a signature and wanted to reduce the frequency that it
> fires. Does anyone have sample code for SIG_ALARM_PER_ORIG or some
> other way to send out a single alarm per source IP?
It looks like you are supposed to do something like
    redef Signatures::actions += { ["sig_id"] = Signatures::SIG_ALARM_PER_ORIG };
-- Justin Azoff
-- Network Security & Performance Analyst