[Bro] SQLite logging and as white/blacklist in a cluster
Azoff, Justin S
jazoff at illinois.edu
Wed Oct 26 13:24:10 PDT 2016
> On Oct 26, 2016, at 4:15 PM, Papulis, George <george.papulis at wustl.edu> wrote:
>
> Just once a day
If you are raising a notice, you can use suppression that is built in:
https://www.bro.org/sphinx-git/frameworks/notice.html#automated-suppression
otherwise see how the known hosts policy does it:
https://www.bro.org/sphinx/_downloads/known-hosts.bro
--
- Justin Azoff
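
Both approaches from the reply above, sketched as one Bro script; this is an added example, not code from the thread or from the Bro project. The module, notice type, `watched_hosts` and `seen_today` names and the sample addresses are assumptions made for illustration, and `&synchronized` follows the Bro 2.x cluster convention used by the known hosts policy script.

```bro
# Added example: act on a watched host at most once per day.
@load base/frameworks/notice
@load base/protocols/conn

module OncePerDay;   # hypothetical module name

export {
    redef enum Notice::Type += {
        ## Hypothetical notice type: a connection reached a watched host.
        Watched_Host_Seen,
    };

    ## Constructed sample watchlist (documentation address range).
    const watched_hosts: set[addr] = { 192.0.2.10, 192.0.2.20 } &redef;
}

# Known-hosts style: remember hosts already handled. Entries expire one
# day after they are added, so each host is handled again the next day.
# &synchronized shares the set between cluster nodes (Bro 2.x).
global seen_today: set[addr] &create_expire=1day &synchronized;

event connection_established(c: connection)
    {
    local h = c$id$resp_h;

    if ( h !in watched_hosts )
        return;

    # Built-in suppression: notices with the same note type and
    # $identifier are dropped until $suppress_for has elapsed.
    NOTICE([$note=Watched_Host_Seen,
            $msg=fmt("Connection to watched host %s", h),
            $conn=c,
            $identifier=cat(h),
            $suppress_for=1day]);

    # Non-notice path: the expiring set provides the once-a-day gate.
    if ( h !in seen_today )
        {
        add seen_today[h];
        print fmt("first sighting today: %s", h);
        }
    }
```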