[Bro] Scan ports doubt

Cristian Barbaro cbarbaro at cert.unlp.edu.ar
Tue Dec 15 15:13:59 PST 2015


Perfect. Works fine.

Thank you.

El 15/12/15 a las 19:27, Azoff, Justin S escribió:
> Duplicate notices are suppressed so that you don't get notified about the same event over and over again.
>
> Try something like this in your local.bro
>
>     redef Notice::type_suppression_intervals += {
>         [Scan::Port_Scan]    = 60sec,
>         [Scan::Address_Scan] = 60sec,
>     };
>



More information about the Bro mailing list