[Bro] processing all Notices

David Mandelberg david at mandelberg.org
Tue May 7 10:16:54 PDT 2013

On Fri, 3 May 2013 16:57:53 -0700, Aashish SHARMA <init.conf at gmail.com>
> [Not sure if my previous reply went through - resending]
> Hello David:
> I have a very simple script which counts number of notices per source
> generates another notice. The new notice can be escalation to an
> action (Action::EMAIL or ACTION::DROP etc). 
> Consider this version 0.1 but you will get a good idea from this.  I
> to include another threshold for generating a notice if N distinct
> notice_types per source are seen. Additionally, such heuristics can be
> extended further. 
> Policy file attached. 
> Aashish


David Eric Mandelberg / dseomn
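A minimal Bro policy script of the kind the quoted message describes, as an added example (it is not the policy file attached to the thread): it counts notices per source address within a window and, when either the count threshold or the distinct-notice-type threshold is reached, raises a new notice that is escalated to Notice::ACTION_EMAIL. The module name, notice type names, thresholds and window are assumptions.

```bro
@load base/frameworks/notice

module NoticeEscalation;

export {
	redef enum Notice::Type += {
		## One source exceeded the per-source notice count.
		Too_Many_Notices,
		## One source triggered too many distinct notice types.
		Too_Many_Notice_Types,
	};
	## Thresholds and window are assumed values chosen for this example.
	const count_threshold = 10 &redef;
	const type_threshold = 3 &redef;
	const window = 10 min &redef;
}

# Per-source state; entries expire so a slow trickle does not accumulate forever.
global notice_counts: table[addr] of count &create_expire=window;
global notice_types: table[addr] of set[Notice::Type] &create_expire=window;

hook Notice::policy(n: Notice::Info)
{
	# Escalate our own aggregate notices: e-mail them and suppress repeats for an
	# hour. Notice::ACTION_DROP is the alternative if the drop action is loaded.
	if ( n$note == Too_Many_Notices || n$note == Too_Many_Notice_Types )
		{
		add n$actions[Notice::ACTION_EMAIL];
		n$suppress_for = 1 hr;
		return;
		}
	# Everything else is counted per source address, when one is present.
	if ( ! n?$src )
		return;
	local src = n$src;
	if ( src !in notice_counts )
		{
		notice_counts[src] = 0;
		notice_types[src] = set();
		}
	++notice_counts[src];
	add notice_types[src][n$note];

	if ( notice_counts[src] == count_threshold )
		NOTICE([$note=Too_Many_Notices, $src=src, $identifier=cat(src),
		        $msg=fmt("%s raised %d notices within %s", src, count_threshold, window)]);
	if ( |notice_types[src]| == type_threshold )
		NOTICE([$note=Too_Many_Notice_Types, $src=src, $identifier=cat(src),
		        $msg=fmt("%s raised %d distinct notice types", src, type_threshold)]);
}
```

The escalation branch runs first so the aggregate notices never feed back into the counters; the `$identifier` plus `suppress_for` keeps one noisy source from generating a stream of e-mails.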
