[Bro] question about emailing hits from the intel framework
Derek Banks
itsecderek at gmail.com
Wed Sep 18 12:35:04 PDT 2013
I am still learning Bro, so I apologize if this is a noob question.
Is there a way to get Bro to email hits from the intel framework? I have
Bro emailing me, and am able to get test domains to fire and populate the
intel.log.
I tried:
    redef Notice::emailed_types += {
        Intel::DOMAIN,
    };
But I suppose that the intel hits are outside of the notice framework? My
BroFu is not strong enough to figure this out myself.
Regards,
Derek