[Bro-Dev] changing Notice::policy mechanism

Seth Hall seth at icir.org
Fri Nov 9 13:57:30 PST 2012


On Nov 9, 2012, at 11:12 AM, Robin Sommer <robin at icir.org> wrote:

> Actually I like this best of all yet.

Is everyone that cares to speak up ok with "hook"?  

Seems to make sense to me since I think what we're talking about here will be used as a way to synchronously hook into processing in various places (in a less syntactically verbose manner than the current approach in the notice framework).  Notice and file analysis hooking is essentially trying to hook into those processing pipelines to change how they are dealt with.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/




More information about the bro-dev mailing list