[Bro] Bro email notice question
Scotty Brown
scotty.b.brown at gmail.com
Sun Apr 3 14:52:48 PDT 2016
Hi Seth,
It's saved us a BUNCH of time already - just having the notice source in
the email by default.
Would def +1 having these rolled back in at some point :)
Cheers,
Scotty
On 04/04/16 05:05, Seth Hall wrote:
>> On Mar 29, 2016, at 12:15 PM, Jan Grashöfer <jan.grashoefer at gmail.com> wrote:
>>
>> If I remember correctly, the intention of do_notice.bro was to provide
>> an example how the intel-framework could be used in this context. I
>> think the example somehow became the default.
> Yep, that script is really only meant as an example and it's not loaded by default in Bro. I believe that criticalstack has chosen to load that script though.
>
> We certainly aren't against fixing up any scripts in Bro to make them more generally useful though, and from a quick skim it looks like those are totally reasonable changes which I apparently missed when I was writing that script.
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list