[Bro] processing all Notices
david at mandelberg.org
Tue May 7 10:16:54 PDT 2013
On Fri, 3 May 2013 16:57:53 -0700, Aashish SHARMA <init.conf at gmail.com>
> [Not sure if my previous reply went through - resending]
> Hello David:
> I have a very simple script which counts number of notices per source
> generates another notice. The new notice can be escalation to a
> action (Action::EMAIL or ACTION::DROP etc).
> Consider this version 0.1 but you will get a good idea from this. I
> to include another threshold for generating a notice if N distinct
> notice_types per source are seen. Additionally, such heuristics can be
> extended further.
> Policy file attached.
David Eric Mandelberg / dseomn
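The policy file Aashish mentions is not on this page. The following is an added example, not his attachment or any Bro project script, of the two heuristics he describes in Bro script: count notices per source address and, once a threshold is reached, raise a new notice that is escalated to Notice::ACTION_EMAIL; separately, raise a notice when N distinct notice types have been seen from one source. The module name NoticeEscalation, the notice type names, the thresholds and the one-hour window are all assumptions.

```bro
##! Added example (not the attached policy file): per-source notice
##! counting with escalation. Module name, notice names, thresholds and
##! the window are assumed values, not anything from the original mail.

@load base/frameworks/notice

module NoticeEscalation;

export {
	redef enum Notice::Type += {
		## More than notice_threshold notices from one source
		## within count_window.
		Source_Notice_Threshold,
		## At least distinct_types_threshold different notice
		## types from one source within count_window.
		Source_Distinct_Types,
	};

	## Notices from a single source that trigger escalation.
	const notice_threshold = 10 &redef;
	## Distinct notice types from a single source that trigger escalation.
	const distinct_types_threshold = 3 &redef;
	## Window for both counters (entries expire this long after creation).
	const count_window = 1hr &redef;
}

# Notices seen per source; each entry disappears count_window after it was created.
global notice_counts: table[addr] of count
	&create_expire=count_window &default=0;

# Distinct notice types seen per source, same expiry.
global notice_types_seen: table[addr] of set[Notice::Type]
	&create_expire=count_window;

# Count every notice that carries a source address. High priority so the
# counters are updated before other Notice::policy hooks look at the notice.
hook Notice::policy(n: Notice::Info) &priority=10
	{
	# The escalation notices themselves are not counted, otherwise they
	# would feed back into the counters.
	if ( n?$src && n$note != Source_Notice_Threshold &&
	     n$note != Source_Distinct_Types )
		{
		local src = n$src;
		++notice_counts[src];

		if ( src !in notice_types_seen )
			notice_types_seen[src] = set();
		add notice_types_seen[src][n$note];

		# Compare with == so each escalation fires once per window.
		if ( notice_counts[src] == notice_threshold )
			NOTICE([$note=Source_Notice_Threshold,
			        $src=src,
			        $n=notice_counts[src],
			        $msg=fmt("%s raised %d notices within %s",
			                 src, notice_counts[src], count_window),
			        $identifier=cat(src)]);

		if ( |notice_types_seen[src]| == distinct_types_threshold )
			NOTICE([$note=Source_Distinct_Types,
			        $src=src,
			        $n=|notice_types_seen[src]|,
			        $msg=fmt("%s raised %d distinct notice types within %s",
			                 src, |notice_types_seen[src]|, count_window),
			        $identifier=cat(src)]);
		}
	}

# Escalation: the aggregate notices are emailed. Notice::ACTION_DROP could be
# added in the same place when the drop action script is loaded.
hook Notice::policy(n: Notice::Info)
	{
	if ( n$note == Source_Notice_Threshold || n$note == Source_Distinct_Types )
		add n$actions[Notice::ACTION_EMAIL];
	}
```

Two caveats worth keeping in mind with this shape: &create_expire measures the window from the first notice, not a sliding window, so a source that trickles notices just under the rate never trips it; and on a cluster each worker keeps its own table unless the tables are synchronized, so the threshold is effectively per worker.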