- Split Item into Item and QueryItem as suggested by Robin.
- QueryItem now has $and_tags and $or_tags. Each
acts as AND or OR for the given tags against
each relevant metadata value.
- 'insert' turned into a function and new insert_event created.
- First use of intelligence framework in HTTP analysis.
- Defaults for all built-in asset tracking changed to LOCAL_HOSTS
- Added a tuning script for changing asset tracking
to ALL_HOSTS in all of the core scripts that do
asset tracking.
- Default Notice::policy files notices instead of alarming on them.
- Moved KnownHosts::Info back to export section because
the log_known_hosts event can't be defined in the
export section without it.
- Moved the Malware Hash Registry detection out of
the core HTTP protocol scripts and added it to the
all.bro script.
- Fixed bug with new sessions accidently being created
just after logging which caused a lot of empty records
to be logged.
- Readded the HTTP::MD5 notice for when an MD5 sum is
calculated for HTTP response bodies.
- Fixed bug with extracting value from content-length
headers.
- Flushing values from md5 sum generation more reliably
to avoid leaking memory.
