- When ACTION_EMAIL_ADMIN_ORIG or ACTION_EMAIL_ADMIN_RESP
is applied to a notice,
the email addresses associated with the address
are collected from the new local_admins table
and the email is sent to all discovered email addresses.
- The site.bro script is now in the Site module.
- Some other small cleanup.
- Defaults for all built-in asset tracking changed to LOCAL_HOSTS
- Added a tuning script for changing asset tracking
to ALL_HOSTS in all of the core scripts that do
asset tracking.
- Default Notice::policy files notices instead of alarming on them.
- Moved KnownHosts::Info back to export section because
the log_known_hosts event can't be defined in the
export section without it.
- Moved the Malware Hash Registry detection out of
the core HTTP protocol scripts and added it to the
all.bro script.
- Split enum values into two separate enums.
- Renamed to fit the enum naming convention.
- New global variable named default_asset_tracking
that changes default behavior of any script that
tracks assets, usually by storing some amount
of information about the network in memory.
- Changed enum values to determine hosts and directions.
- Fixed a bug in detecting mail clients.
- Fixed a couple of problems with vulnerable software detection.
- New variable "Software::asset_tracking" for
determining which software to track.
