[Bro] Intel hits not being emailed

Harry Hoffman hhoffman at ip-solutions.net
Sat Nov 8 17:55:02 PST 2014


Hi All,

Using CIF with my bro install (checked out from git). I've got the
following in my local.bro:

@load frameworks/intel/seen
@load frameworks/intel/do_notice
@load policy/integration/collective-intel


redef Intel::read_files += {
        "/usr/local/bro/share/bro/site/infrastructure_scan.intel",
        "/usr/local/bro/share/bro/site/domain_botnet.intel",
};

redef Notice::emailed_types += {
        Intel::Notice,
};

redef Notice::type_suppression_intervals += {
        [Intel::Notice] = 1day,
};


I see hits in my intel.log files but I don't get emails about this. Am I
missing something? I'd taken this directly from the bro blog.

Cheers,
Harry
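
A check worth running against a configuration like the one above (an added example, not part of the original post or of Bro itself): Bro's frameworks/intel/do_notice script raises Intel::Notice only for intel items whose meta.do_notice column is T, optionally limited to the location named in meta.if_in, so items without that flag appear in intel.log but never reach Notice::emailed_types. The sample feed rows, the function names and the handling of other "#" lines as comments are assumptions made for this sketch.

```python
import io

# Constructed sample data in Bro intel-file format (tab-separated); not from the post.
SAMPLE_INTEL = (
    "#fields\tindicator\tindicator_type\tmeta.source\tmeta.do_notice\tmeta.if_in\n"
    "198.51.100.7\tIntel::ADDR\tCIF\tT\t-\n"
    "bad.example.net\tIntel::DOMAIN\tCIF\tF\t-\n"
    "evil.example.org\tIntel::DOMAIN\tCIF\tT\tDNS::IN_REQUEST\n"
)
# Constructed feed that has no meta.do_notice column at all.
SAMPLE_NO_COLUMN = (
    "#fields\tindicator\tindicator_type\tmeta.source\n"
    "203.0.113.9\tIntel::ADDR\tCIF\n"
)

def parse_intel(stream):
    """Yield one dict per intel item, keyed by the names in the #fields header."""
    fields = None
    for lineno, raw in enumerate(stream, 1):
        line = raw.rstrip("\r\n")
        if not line:
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):  # assumption: other '#' lines are comments
            continue
        if fields is None:
            raise ValueError(f"line {lineno}: data before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(
                f"line {lineno}: expected {len(fields)} columns, got {len(values)}")
        yield dict(zip(fields, values))

def audit(stream):
    """Split items into those that can raise Intel::Notice and those only logged."""
    notify, log_only = [], []
    for item in parse_intel(stream):
        # A missing column or an unset value ('-') falls back to the default, F.
        if item.get("meta.do_notice", "-") == "T":
            if_in = item.get("meta.if_in", "-")
            notify.append((item["indicator"], None if if_in == "-" else if_in))
        else:
            log_only.append(item["indicator"])
    return notify, log_only

if __name__ == "__main__":
    notify, log_only = audit(io.StringIO(SAMPLE_INTEL))
    print("can raise Intel::Notice:", notify)
    print("intel.log only:", log_only)
```

To audit a real feed, pass an open file handle for one of the paths in Intel::read_files to audit() in place of the StringIO sample.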


