[Bro] Can't get "Notice::ACTION_EMAIL" to work
andrew.dellana at bayer.com
Thu Jan 19 10:58:37 PST 2017
I am still new to Bro scripting and I am working with the vt_check that sooshie wrote and trying to configure email notifications for any virus findings (monitoring multiple interfaces via network tap). I looked into the notice framework section on the webpage and am getting an error: "error in ./VT_Check.bro, line 117: unknown identifier Virus_Total_Alert, at or near "Virus_Total_Alert" ". Line 117 is the "Notice::ACTION_EMAIL" line.
hook Notice::policy(n: Notice::Info)
    {
    # Append the HTTP host to the e-mail body when the notice carries an HTTP connection.
    if ( n?$conn && n$conn?$http && n$conn$http?$host )
        n$email_body_sections[|n$email_body_sections|] = fmt("Virus_Total_Alert header: %s", n$conn$http$host);
    }
$msg=fmt("Detected potential virus effecting computer.", key$host, r$num),