[Bro] Bro email notice question

Seth Hall seth at icir.org
Sun Apr 3 12:05:30 PDT 2016

> On Mar 29, 2016, at 12:15 PM, Jan Grashöfer <jan.grashoefer at gmail.com> wrote:
> If I remember correctly, the intention of do_notice.bro was to provide
> an example of how the intel-framework could be used in this context. I
> think the example somehow became the default.

Yep, that script is really only meant as an example and it's not loaded by default in Bro.  I believe that criticalstack has chosen to load that script though.

We certainly aren't against fixing up any scripts in Bro to make them more generally useful though, and from a quick skim it looks like those are totally reasonable changes which I apparently missed when I was writing that script.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
