Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Clarifying notice documentation.

Browse source 
Closes BIT-1405.
This commit is contained in:
Robin Sommer 2016-05-27 13:22:24 -07:00
parent 476891c14a
commit c74effad42
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
doc/frameworks/notice.rst
View file

@ -83,9 +83,9 @@ The hook :bro:see:`Notice::policy` provides the mechanism for applying
actions and generally modifying the notice before it's sent onward to actions and generally modifying the notice before it's sent onward to
the action plugins. Hooks can be thought of as multi-bodied functions the action plugins. Hooks can be thought of as multi-bodied functions
and using them looks very similar to handling events. The difference and using them looks very similar to handling events. The difference
is that they don't go through the event queue like events. Users should is that they don't go through the event queue like events. Users can
directly make modifications to the :bro:see:`Notice::Info` record alter notice processing by directly modifying fields in the
given as the argument to the hook. :bro:see:`Notice::Info` record given as the argument to the hook.
Here's a simple example which tells Bro to send an email for all notices of Here's a simple example which tells Bro to send an email for all notices of
type :bro:see:`SSH::Password_Guessing` if the guesser attempted to log in to type :bro:see:`SSH::Password_Guessing` if the guesser attempted to log in to