[Bro-Dev] changing Notice::policy mechanism
Seth Hall
seth at icir.org
Thu Nov 1 19:07:13 PDT 2012
On Nov 1, 2012, at 5:01 PM, Daniel Thayer <dnthayer at illinois.edu> wrote:
> I like this idea (it seems MUCH easier to use). How would
> "suppress_for" be implemented in the evented model?
Suppression is implemented at a pretty low level in the notice framework. That Notice::policy event would never be generated for suppressed notices (just like the notice policy variable currently isn't evaluated for suppressed notices).
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the bro-dev
mailing list