[Bro] bro notice framework
bz Os
ossamabzos at gmail.com
Mon May 7 04:34:32 PDT 2018
hello Evry one i attempt to have a notice on my email when an scan against
my network done ,i writed this script :
@load policy/misc/scan.bro
> hook Notice::policy(n:Notice::type){
> if(n$note==Scan::Address_Scan){
> add n$actions[Notice::ACTION_EMAIL];
> }
> }
but when i test scan against my network ,i had nothing in my email ,but i
have a notice that a scan is made in the file notice.log
how can i resolve this probleme?
and how make the file notice.log to log a significant notice for example
when a scan is made it wil create scan made by and adresse of the host
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180507/9ad320e9/attachment.html
More information about the Bro
mailing list