Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 10:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Some script reorg and a new intel extension script.

Browse source 
- policy/frameworks/intel/seen is the new location for the scripts
    that push data into the intel framework for checking.

  - The new policy/frameworks/intel/do_notice script adds an example
    mechanism for data driven notices.
This commit is contained in:
Seth Hall 2013-07-29 16:40:16 -04:00
parent d380161244
commit 32f1c736f7
15 changed files with 67 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

3
scripts/base/frameworks/intel/main.bro
View file

@ -63,9 +63,6 @@ export {
IN_ANYWHERE,
};
## The $host field and combination of $str and $str_type fields are mutually
## exclusive. These records *must* represent either an IP address being
## seen or a string being seen.
type Seen: record {
## The string if the data is about a string.
indicator: string &log &optional;