[Bro] Can't get "Notice::ACTION_EMAIL" to work
Azoff, Justin S
jazoff at illinois.edu
Thu Jan 19 12:02:58 PST 2017
> On Jan 19, 2017, at 2:14 PM, Aashish Sharma <asharma at lbl.gov> wrote:
>
>
> Then,
>
> hook Notice::policy(n: Notice::Info)
> {
>     if ( n$note == Virus_Total_Alert )
>         { add n$actions[Notice::ACTION_EMAIL]; }
> }

This 2nd part is a common use case and is also built into the default Notice::policy as

    if ( n$note in Notice::emailed_types )
        add n$actions[ACTION_EMAIL];

so all you need in your scripts is

    redef Notice::emailed_types += {
        Virus_Total_Alert
    };

--
- Justin Azoff
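
The emailed_types approach from the reply above as one standalone script, with a check that ACTION_EMAIL is actually attached. This is an added example, not code from the thread; the module name VTExample, the constructed test notice and the mail address are assumptions.

```bro
# Added example (Bro 2.5-era syntax), not code from the thread.
@load base/frameworks/notice

module VTExample;    # hypothetical module name

export {
    redef enum Notice::Type += {
        # Stand-in for the poster's Virus_Total_Alert notice type.
        Virus_Total_Alert
    };
}

# The default Notice::policy hook adds ACTION_EMAIL for every
# notice type listed in this set, so no custom hook is needed.
redef Notice::emailed_types += {
    VTExample::Virus_Total_Alert
};

# ACTION_EMAIL only results in mail when a destination is set.
# Placeholder address; BroControl normally sets this from MailTo.
redef Notice::mail_dest = "soc@example.org";

# Constructed trigger so the notice path can be exercised on demand.
event bro_init()
    {
    NOTICE([$note=Virus_Total_Alert,
            $msg="constructed test notice for the email action",
            $identifier="vt-example-test"]);
    }

# Check: runs after the default policy hook (priority 10) and prints
# the actions attached to the notice. Expect ACTION_EMAIL and
# ACTION_LOG in the output.
hook Notice::policy(n: Notice::Info) &priority=-5
    {
    if ( n$note == Virus_Total_Alert )
        print fmt("%s actions: %s", n$note, n$actions);
    }

# The notice framework skips sending mail when Bro reads a trace file
# (bro -r) or when Notice::mail_dest is empty, and it hands the message
# to the program named in Notice::sendmail, so test delivery on a live
# instance where that binary exists.
```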