[Bro-Dev] Updating NEWS for 2.5

Robin Sommer robin at icir.org
Tue Aug 9 08:21:20 PDT 2016


Thanks, will add.

Robin

On Tue, Aug 09, 2016 at 16:23 +0200, you wrote:

> > Could folks take a look at NEWS and see what's missing?
> > ...
> >     - Document the recent intel framework updates.
> 
> For the NEWS (all changes, feel free to cut down):
> 
> +++
> - Bro's Intelligence Framework was refactored and new functionality
>   has been added:
> 
>   - The intel framework now supports the new indicator type
>     Intel::SUBNET. As subnets are matched against seen addresses,
>     the field 'matched' was introduced to indicate which indicator
>     type(s) caused the hit.
> 
>   - The new function remove() allows deleting intelligence items.
> 
>   - The intel framework now supports expiration of intelligence items.
>     Expiration can be configured by using Intel::item_expiration and
>     can be handled by using the item_expired() hook. The new script
>     do_expire.bro removes expired items.
> 
>   - The new hook extend_match() allows extending the framework. The new
>     policy script whitelist.bro uses the hook to implement whitelisting.
> 
>   - Intel notices are now suppressible and mails for intel notices now
>     list the identified services as well as the intel source.
> +++
> 
> Additionally, I talked to Seth about documentation of the new features.
> He suggested writing a blog post. I've already started, but as I am
> quite busy at the moment it will take some more time.
> 
> Best regards,
> Jan
> _______________________________________________
> bro-dev mailing list
> bro-dev at bro.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
> 


-- 
Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin
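The following Bro script is an added example, not code from this thread or from the Bro project, that exercises the intel framework changes listed in the quoted NEWS entry: inserting an Intel::SUBNET indicator, suppressing hits on whitelisted items through the extend_match() hook (the approach whitelist.bro takes), configuring Intel::item_expiration, handling expiry in the item_expired() hook (breaking out of it removes the item, which is what do_expire.bro does), and deleting an item with remove(). The indicator values, the feed names "example-feed" and "local-whitelist", the module name IntelExample and the retract() helper are constructed for illustration.

```bro
# Added example: exercising the Bro 2.5 intel framework features described
# in the NEWS entry. All indicators and source names below are constructed.

@load base/frameworks/intel
@load frameworks/intel/seen

module IntelExample;

# Items not seen again within ten minutes expire; what happens then is
# decided by the Intel::item_expired hook below.
redef Intel::item_expiration = 10 min;

# Extend the metadata with a whitelist flag, as whitelist.bro does.
redef record Intel::MetaData += {
	whitelist: bool &default=F;
};

event bro_init()
	{
	# Constructed sample: a subnet reported by a hypothetical feed. Any seen
	# address inside it produces a hit with Intel::SUBNET in 'matched'.
	Intel::insert([$indicator="192.0.2.0/24",
	               $indicator_type=Intel::SUBNET,
	               $meta=[$source="example-feed",
	                      $desc="constructed sample subnet"]]);

	# Constructed sample: one host inside that subnet that is known good.
	Intel::insert([$indicator="192.0.2.10",
	               $indicator_type=Intel::ADDR,
	               $meta=[$source="local-whitelist", $whitelist=T]]);
	}

# Runs once the framework has assembled a match. info$matched holds the
# indicator type(s) that caused the hit. If any matching item is whitelisted,
# terminating the hook with 'break' suppresses the log entry and notice.
# Priority 9 runs this before the default handlers, as whitelist.bro does.
hook Intel::extend_match(info: Intel::Info, s: Intel::Seen, items: set[Intel::Item]) &priority=9
	{
	local whitelisted = F;
	for ( item in items )
		{
		if ( item$meta$whitelist )
			{
			whitelisted = T;
			break;   # leaves the loop only
			}
		}

	if ( whitelisted )
		break;       # leaves the hook: match is suppressed
	}

# Expiration handling: record which sources the expired item came from, then
# break so the item is removed. Without a 'break' the timeout is reset and
# the item kept; loading do_expire.bro has the same removing effect.
hook Intel::item_expired(indicator: string, indicator_type: Intel::Type, metas: set[Intel::MetaData])
	{
	for ( m in metas )
		print fmt("intel item %s (%s) from %s expired", indicator, indicator_type, m$source);
	break;
	}

# Hypothetical helper: delete an item explicitly, e.g. after a feed retracts it.
function retract(indicator: string, t: Intel::Type, src: string)
	{
	Intel::remove([$indicator=indicator, $indicator_type=t, $meta=[$source=src]]);
	}
```

Loading this script alongside a feed of real indicators gives a quick way to check the new fields: matches on hosts in 192.0.2.0/24 show up in intel.log with Intel::SUBNET in the matched column, while 192.0.2.10 never does because the whitelist hook ends before the default logging handler runs.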

