[Bro] Bro email notice question
Jan Grashöfer
jan.grashoefer at gmail.com
Thu Mar 24 08:14:54 PDT 2016
Hi Scotty,
> I've tried, but can't figure out how I add $sources from the Intel log into say $sub in /opt/bro/share/bro/policy/intel/do_notice.bro
Some time ago, I adapted the do_notice.bro script to add an identifier
(for notice suppression) and also added some information (e.g. intel
source) to the mails (see
https://gist.github.com/J-Gras/c2e0853c93c0bdc74522). I hope this will
help you :)
Regards,
Jan
More information about the Bro
mailing list