Functional intelligence framework.

- All 5 intelligence tests pass.
- Some initial memory optimizations done.
  - More work needs done to reduce duplicate data in memory.
- Input framework integration.
  - Define files to read in the "Bro intelligence format" in Intel::read_files.
- Cluster transparency.
- DNS Zones are a fully supported data type.
  - Queries for Intel::DOMAIN values will automatically check in DNS_ZONE intelligence.

testing/btest/scripts/base/frameworks/intel/item-merge.bro

@@ -0,0 +1,23 @@
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+	{
+	Intel::insert([$ip=1.2.3.4, $meta=[$source="source1-feed1", $class=Intel::MALICIOUS, $tags=set("foo")]]);
+	Intel::insert([$ip=1.2.3.4, $meta=[$source="source2-special-sauce", $class=Intel::MALICIOUS, $tags=set("foo","bar")]]);
+
+	# Lookup should return the items matching the query.
+	local items = Intel::lookup([$ip=1.2.3.4]);
+	print fmt("Number of matching intel items: %d (should be 2)", |items|);
+
+	# This can be considered an update of a previous value since the
+	# data, source, and class are the matching points for determining sameness.
+	Intel::insert([$ip=1.2.3.4, $meta=[$source="source2-special-sauce", $class=Intel::MALICIOUS, $tags=set("foobar", "testing")]]);
+	items = Intel::lookup([$ip=1.2.3.4]);
+	print fmt("Number of matching intel items: %d (should still be 2)", |items|);
+
+	# This is a new value.
+	Intel::insert([$ip=1.2.3.4, $meta=[$source="source3", $class=Intel::MALICIOUS]]);
+	items = Intel::lookup([$ip=1.2.3.4]);
+	print fmt("Number of matching intel items: %d (should be 3)", |items|);
+	}