Remove Intel Broker topics, re-use existing Cluster topics

And update broker docs to reflect best-practice/convention for declaring new topics.
2025-10-08 17:48:21 +00:00 · 2018-08-28 15:43:34 -05:00 · 2018-08-28 15:43:34 -05:00 · 2f1e81059b
commit 2f1e81059b
parent 1a75ef2abd
2 changed files with 19 additions and 29 deletions
--- a/scripts/base/frameworks/intel/cluster.bro
+++ b/scripts/base/frameworks/intel/cluster.bro
@ -6,21 +6,6 @@

 module Intel;

-export {
-	## Broker topic for management of intel items. Sending insert_item and
-	## remove_item events, peers can manage intelligence data.
-	const item_topic = "bro/intel/items" &redef;
-
-	## Broker topic for management of intel indicators as stored on workers
-	## for matching. Sending insert_indicator and remove_indicator events,
-	## the back-end manages indicators.
-	const indicator_topic = "bro/intel/indicators" &redef;
-
-	## Broker topic for matching events, generated by workers and sent to
-	## the back-end for metadata enrichment and logging.
-	const match_topic = "bro/intel/match" &redef;
-}
-
 # Internal events for cluster data distribution.
 global insert_item: event(item: Item);
 global insert_indicator: event(item: Item);
@ -33,10 +18,7 @@ redef have_full_data = F;
@if ( Cluster::local_node_type() == Cluster::MANAGER )
 event bro_init()
 	{
-	Broker::subscribe(item_topic);
-	Broker::subscribe(match_topic);
-
-	Broker::auto_publish(indicator_topic, remove_indicator);
+	Broker::auto_publish(Cluster::worker_topic, remove_indicator);
 	}

 # Handling of new worker nodes.
@ -54,12 +36,12 @@ event Cluster::node_up(name: string, id: string)
 # has to be distributed.
 event Intel::new_item(item: Item) &priority=5
 	{
-	local pt = Cluster::rr_topic(Cluster::proxy_pool, indicator_topic);
+	local pt = Cluster::rr_topic(Cluster::proxy_pool, "intel_insert_rr_key");

 	if ( pt == "" )
 		# No proxies alive, publish to all workers ourself instead of
 		# relaying via a proxy.
-		pt = indicator_topic;
+		pt = Cluster::worker_topic;

 	Broker::publish(pt, Intel::insert_indicator, item);
 	}
@ -87,17 +69,15 @@ event Intel::match_remote(s: Seen) &priority=5
@if ( Cluster::local_node_type() == Cluster::WORKER )
 event bro_init()
 	{
-	Broker::subscribe(indicator_topic);
-
-	Broker::auto_publish(match_topic, match_remote);
-	Broker::auto_publish(item_topic, remove_item);
+	Broker::auto_publish(Cluster::manager_topic, match_remote);
+	Broker::auto_publish(Cluster::manager_topic, remove_item);
 	}

 # On a worker, the new_item event requires to trigger the insertion
 # on the manager to update the back-end data store.
 event Intel::new_item(item: Intel::Item) &priority=5
 	{
-	Broker::publish(item_topic, Intel::insert_item, item);
+	Broker::publish(Cluster::manager_topic, Intel::insert_item, item);
 	}

 # Handling of new indicators published by the manager.
@ -111,7 +91,7 @@ event Intel::insert_indicator(item: Intel::Item) &priority=5
 event Intel::insert_indicator(item: Intel::Item) &priority=5
 	{
 	# Just forwarding from manager to workers.
-	Broker::publish(indicator_topic, Intel::insert_indicator, item);
+	Broker::publish(Cluster::worker_topic, Intel::insert_indicator, item);
 	}
@endif