[Bro] Advanced filtering

[Thomas, Eric D]

I'd like to stop processing the packets associated with connections that meet certain heuristics. The goal would be to minimize the internal and script-based processing Bro does on those connections after the heuristic conditions are met, for performance and log size reasons. Is skip_further_processing the right BIF to use, or is there something more efficient or effective? 
--
Eric Thomas
edthoma at sandia.gov