mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Added policy script for intel removal.
This commit is contained in:
Jan Grashoefer
parent
0f86aaff4b
commit
c301e1c9b4
1 changed files with 23 additions and 0 deletions
23
scripts/policy/frameworks/intel/removal.bro
Normal file
23
scripts/policy/frameworks/intel/removal.bro
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
##! This script enables removal of intelligence items.
|
||||
|
||||
@load base/frameworks/intel
|
||||
|
||||
module Intel;
|
||||
|
||||
export {
|
||||
redef record Intel::MetaData += {
|
||||
## A boolean value to indicate whether the item should be removed.
|
||||
remove: bool &default=F;
|
||||
};
|
||||
}
|
||||
|
||||
hook Intel::filter_item(item: Item)
|
||||
{
|
||||
if ( item$meta$remove )
|
||||
{
|
||||
Intel::remove(item);
|
||||
# Prevent readding
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
Add table
Add a link
Reference in a new issue