diff --git a/scripts/policy/misc/app-metrics.bro b/scripts/policy/misc/app-metrics.bro
index d88eb8fe6e..f8e4ae2491 100644
--- a/scripts/policy/misc/app-metrics.bro
+++ b/scripts/policy/misc/app-metrics.bro
@@ -16,7 +16,7 @@ export {
 };
 ## The frequency of logging the stats collected by this script.
- const break_interval = 1min &redef;
+ const break_interval = 15mins &redef;
 }
 function app_metrics_rollup(index: Metrics::Index, vals: table[string, string] of Metrics::ResultVal)
diff --git a/scripts/policy/misc/detect-traceroute/main.bro b/scripts/policy/misc/detect-traceroute/main.bro
index 051d81c5c7..e62d370e45 100644
--- a/scripts/policy/misc/detect-traceroute/main.bro
+++ b/scripts/policy/misc/detect-traceroute/main.bro
@@ -34,7 +34,7 @@ export {
 ## Interval at which to watch for the
 ## :bro:id:`ICMPTimeExceeded::icmp_time_exceeded_threshold` variable to be crossed.
 ## At the end of each interval the counter is reset.
- const icmp_time_exceeded_interval = 1min &redef;
+ const icmp_time_exceeded_interval = 3min &redef;
 ## The log record for the traceroute log.
 type Info: record {
diff --git a/scripts/policy/protocols/http/detect-sqli.bro b/scripts/policy/protocols/http/detect-sqli.bro
index 06f14219d1..21164bc126 100644
--- a/scripts/policy/protocols/http/detect-sqli.bro
+++ b/scripts/policy/protocols/http/detect-sqli.bro
@@ -74,7 +74,7 @@ event bro_init() &priority=3
 $email_body_sections=vector(format_sqli_samples(val$samples)),
 $src=index$host,
 $identifier=cat(index$host)]);
- }, $log=F]);
+ }]);
 Metrics::add_filter("http.sqli.victim",
 [$every=sqli_requests_interval,
@@ -87,7 +87,7 @@ event bro_init() &priority=3
 $email_body_sections=vector(format_sqli_samples(val$samples)),
 $src=index$host,
 $identifier=cat(index$host)]);
- }, $log=F]);
+ }]);
 }
 event http_request(c: connection, method: string, original_URI: string,
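Review bot: In detect-traceroute/main.bro, `icmp_time_exceeded_interval` goes from 1min to 3min, but the threshold it is measured against is declared outside this hunk and does not appear to change with it. Since the counter is reset only at the end of each interval, a longer window with the same threshold lets a source cross it at roughly a third of the previous rate. This catches slower traceroutes but may also flag hosts that merely accumulate ICMP time-exceeded replies. I would record that coupling in the doc comment, for example `## Tune together with icmp_time_exceeded_threshold: a longer interval lowers the rate needed to cross it.` The export block starts and ends outside the hunk.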
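Review bot: In detect-sqli.bro, removing `$log=F` from the filter closed at `}]);` in the first hunk leaves its logging behaviour to the default of the filter record's `log` field, which is not visible in this diff. If that default is on, the filter will write a metrics-log entry per host every `sqli_requests_interval` in addition to raising the notice, which changes log volume and what downstream consumers of that log see. If that is the intent, state it with an explicit `$log=T` or a comment such as `# Logged on purpose: per-host SQLi counts go to the metrics log.` The same applies to the `http.sqli.victim` filter in the second hunk. The body of `bro_init` begins outside both hunks.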