Moved verb ACTION_DROP from policy/frameworks/netcontrol/catch-and-release.zeek to base/frameworks/notice/main.zeek.

ACTION_DROP is not only part of catch-n-release subsystem. Also, historically ACTION_DROP has been bundled with ACTION_LOG, ACTION_ALARM, ACTION_EMAIL... and its helpful that this verb remains in base/frameworks/notice/main.zeek
2025-10-02 06:38:20 +00:00 · 2020-08-12 10:13:27 -07:00 · 2020-08-12 10:13:27 -07:00 · 496f6d4935
commit 496f6d4935
parent f1ed66d52c
2 changed files with 4 additions and 5 deletions
--- a/scripts/base/frameworks/notice/main.zeek
+++ b/scripts/base/frameworks/notice/main.zeek
@ -44,6 +44,10 @@ export {
 		## ASCII version of the alarm log is emailed in bulk to the
 		## address(es) configured in :zeek:id:`Notice::mail_dest`.
 		ACTION_ALARM,
+		## Indicates that the notice results in a drop action. A drop 
+		## action can be nullzero, acld drop or a filter as per 
+		## configured in :zeek:see:`NetControl::acld_rule_policy`. 
+		ACTION_DROP, 
 	};

 	## Type that represents a set of actions.
--- a/scripts/policy/frameworks/notice/actions/drop.zeek
+++ b/scripts/policy/frameworks/notice/actions/drop.zeek
@ -8,11 +8,6 @@
 module Notice;

 export {
-	redef enum Action += {
-		## Drops the address via :zeek:see:`NetControl::drop_address_catch_release`.
-		ACTION_DROP
-	};
-
 	redef record Info += {
 		## Indicate if the $src IP address was dropped and denied
 		## network access.