zeek/scripts/base/frameworks/notice
Jon Siwek d3f88ba9d1 Improve performance of MHR script, addresses BIT-1139.
The MHR script involves a "when" statement which can be expensive due to
the way it clones frames/vals.  In this case, the fa_file record is
expensive to clone, but this change works around that by unrolling only
the necessary fields from it that are needed to populate a Notice::Info
record.  A drawback to this is that the full fa_file or connection
records aren't available in the Notice::Info record when evaluating
Notice::policy hooks for MHR hit notices (though they can possibly be
recovered by using e.g. the lookup_connection() builtin_function).
2014-03-11 13:18:14 -05:00
actions Document which Bro script vars are set by BroControl 2013-10-22 16:40:29 -05:00
extend-email Updates for the notices framework. 2013-02-11 14:36:14 -05:00
__load__.bro Updates for the notices framework. 2013-02-11 14:36:14 -05:00
cluster.bro change Notice::suppressing to be a table of times 2013-12-31 10:09:44 -05:00
main.bro Improve performance of MHR script, addresses BIT-1139. 2014-03-11 13:18:14 -05:00
non-cluster.bro Fix typos and formatting in the notice framework docs 2013-10-22 09:16:29 -05:00
README Add more script package README files 2013-10-22 14:44:59 -05:00
weird.bro Fix typos and formatting in the notice framework docs 2013-10-22 09:16:29 -05:00

The notice framework enables Bro to "notice" things which are odd or
potentially bad, leaving it to the local configuration to define which
of them are actionable.  This decoupling of detection and reporting allows
Bro to be customized to the different needs that sites have.