[Bro] Intel hits not being emailed

Seth Hall seth at icir.org
Mon Nov 10 06:40:21 PST 2014

> On Nov 8, 2014, at 8:55 PM, Harry Hoffman <hhoffman at ip-solutions.net> wrote:
> I see hits in my intel.log files but I don't get emails about this. Am I
> missing something? I'd taken this directly from the bro blog.

By default, notices are not generated for intel hits.  There is a script that we ship with Bro that gives you the ability to turn intel hits into notices based on a field in the intel data (more information can be found here: https://www.bro.org/bro-exchange-2013/exercises/intel.html).  If you have a solid idea of how you'd like things to work best for you, please let me know.  There are many ways we could make this work. ;)


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the Bro mailing list