[Bro-Dev] #20: notice handling needs to accommodate a set of actions, not just one action
Bro Tracker
bro at tracker.bro-ids.org
Wed Jun 22 11:38:47 PDT 2011
#20: notice handling needs to accommodate a set of actions, not just one action
------------------------------+------------------------------
Reporter: vern | Owner:
Type: Feature Request | Status: closed
Priority: Normal | Milestone:
Component: Bro | Version:
Resolution: Solved/Applied | Keywords: notice filtering
------------------------------+------------------------------
Changes (by seth):
* status: seen => closed
* resolution: => Solved/Applied
Comment:
This is in progress now. The notice framework should be much more
straight forward this way.
The only trouble I'm still running into is how to define "blockers" that
block the progression of notice policy items (for instance, to completely
ignore certain notice types). I'll be talking to Robin about this soon
though to see if we can nail down a technique to approach this with.
I'm closing this ticket now since it's another part of the script
rewriting and is already underway.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/20#comment:4>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list