Added hook to filter intelligence items.

scripts/base/frameworks/intel/main.bro

@@ -173,6 +173,14 @@ export {
 	## be removed.
 	global item_expired: hook(indicator: string, indicator_type: Type, metas: set[MetaData]);
 
+	## This hook can be used to filter intelligence items that are about to be
+	## inserted into the internal data store. In case the hook execution is
+	## terminated using break, the item will not be (re)added to the internal
+	## data store.
+	##
+	## item: The intel item that should be inserted.
+	global filter_item: hook(item: Intel::Item);
+
 	global log_intel: event(rec: Info);
 }
 
@@ -496,8 +504,11 @@ function _insert(item: Item, first_dispatch: bool &default = T)
 
 function insert(item: Item)
 	{
-	# Insert possibly new item.
+	if ( hook filter_item(item) )
-	_insert(item, T);
+		{
+		# Insert possibly new item.
+		_insert(item, T);
+		}
 	}
 
 # Function to check whether an item is present.

testing/btest/Baseline/scripts.base.frameworks.intel.remove-non-existing/output

@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	reporter
-#open	2018-02-27-17-25-30
+#open	2019-03-24-20-20-10
 #fields	ts	level	message	location
 #types	time	enum	string	string
-0.000000	Reporter::INFO	Tried to remove non-existing item '192.168.1.1' (Intel::ADDR).	/home/jgras/devel/bro/scripts/base/frameworks/intel/./main.bro, lines 552-553
+0.000000	Reporter::INFO	Tried to remove non-existing item '192.168.1.1' (Intel::ADDR).	/home/jgras/devel/zeek/scripts/base/frameworks/intel/./main.bro, lines 563-564
 0.000000	Reporter::INFO	received termination signal	(empty)
-#close	2018-02-27-17-25-30
+#close	2019-03-24-20-20-10