[Bro] Bro email notice question
scotty.b.brown at gmail.com
Sun Apr 3 14:52:48 PDT 2016
It's saved us a BUNCH of time already - just having the notice source in
the email by default.
Would def +1 having these rolled back in at some point :)
On 04/04/16 05:05, Seth Hall wrote:
>> On Mar 29, 2016, at 12:15 PM, Jan Grashöfer <jan.grashoefer at gmail.com> wrote:
>> If I remember correctly, the intention of do_notice.bro was to provide
>> an example of how the intel-framework could be used in this context. I
>> think the example somehow became the default.
> Yep, that script is really only meant as an example and it's not loaded by default in Bro. I believe that criticalstack has chosen to load that script though.
> We certainly aren't against fixing up any scripts in Bro to make them more generally useful though, and from a quick skim it looks like those are totally reasonable changes which I apparently missed when I was writing that script.
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> Bro mailing list
> bro at bro-ids.org