mirror of
https://github.com/zeek/zeek.git
synced 2025-10-13 12:08:20 +00:00
- Duplicate notices are discovered with the new Notice::Info field $identifier. It's a string that is left up to the notice implementor to define which would indicate a fundamentally duplicate notice. The field is optional and if it's not included it's not possible for notice suppression to take place.
- Duplicate notices are suppressed by default for the interval defined by the Notice::default_suppression_interval variable (1 hour by default).
- A new notice action was defined ACTION_NO_SUPPRESS to prevent suppression for a specific notice instance. A convenience set named not_suppressed_types was also created to not suppress entire notice types.
- A new field was added to the PolicyItem type to modify the length of time a notice should be suppressed if the predicate matches. The field is named $suppress_for. This name makes the code more readable like this: $suppress_for = 1day
- New events were created to give visibility into the notice framework's suppression activity.
  - event Notice::begin_suppression(n: Notice::Info)
  - event Notice::suppressed(n: Notice::Info)
  - event Notice::end_suppression(n: Notice::Info)
- The suppression.bro script doesn't have a baseline because it is causing a segfault in Bro. This one test is the reason that this is being integrated into a branch instead of master.
Directory contents:

- ..
- btest
- external
- scripts
- Makefile
- README
This directory contains suites for testing Bro's correct operation:

- btest/: An ever-growing set of small unit tests testing Bro's functionality.
- external/: A framework for downloading additional test sets that run more complex Bro configurations on larger trace files. Due to their size, these are not included directly. See the README for more information.
- scripts/: Helper scripts used by some tests.