[Zeek] Multiple email recipients
Nicolas KRASINSKI
krasinski at cines.fr
Thu Feb 7 08:08:47 PST 2019
Hello,
I found "Notice::mail_dest",
so I defined this in my script:

    redef Notice::mail_dest = "user at domain.com";
    redef Notice::emailed_types += { SSH::Password_Guessing, };

    hook Notice::policy(n: Notice::Info)
        {
        if ( n$note == SSH::Password_Guessing )
            add n$actions[Notice::ACTION_EMAIL];
        }

It doesn't work... the alert is always sent to the default email in broctl.cfg.
I see in the documentation: "Note this is overridden by the BroControl MailTo option."
Do you know how I can use the 'mail_dest' option correctly?
Thanks
Nicolas.
From: "krasinski" <krasinski at cines.fr>
To: "zeek" <zeek at zeek.org>
Sent: Tuesday 5 February 2019 15:34:35
Subject: [Zeek] Multiple email recipients
Hello,
Is there a way to have multiple recipients of the Bro alerts?
I have a script that sends emails for 5 alerts. I would like to send some alerts to some different recipients...
Could I define this directly in my script or in broctl.cfg or elsewhere?
Thanks in advance for your help
Nicolas