[Bro-Dev] Support for HTTP body extraction of originator
vallentin at icir.org
Mon Apr 22 08:19:44 PDT 2013
> Do I need to add an 'is_orig' flag to at least the 'file_new' event?
I don't know the internals of the FA framework, I just recall a record
fa_file which appears to be what the Info record is to the logging
framework. Could it make sense to put the directionality in there for
more flexibility? Then users can access this information in any event.
More information about the bro-dev