zeek/scripts/base/frameworks/notice at 496f6d49359d7d3fade72908b427825f0cb35d94 - Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-13 12:08:20 +00:00

History

Aashish Sharma 496f6d4935 Moved verb ACTION_DROP from policy/frameworks/netcontrol/catch-and-release.zeek to base/frameworks/notice/main.zeek. ACTION_DROP is not only part of catch-n-release subsystem. Also, historically ACTION_DROP has been bundled with ACTION_LOG, ACTION_ALARM, ACTION_EMAIL... and its helpful that this verb remains in base/frameworks/notice/main.zeek		2020-08-12 10:13:27 -07:00
..
actions	Change notices to be processed on worker.	2019-06-25 13:51:27 -07:00
__load__.zeek	GH-379: move catch-and-release and unified2 scripts to policy/	2019-06-05 13:33:45 -07:00
main.zeek	Moved verb ACTION_DROP from policy/frameworks/netcontrol/catch-and-release.zeek to base/frameworks/notice/main.zeek.	2020-08-12 10:13:27 -07:00
README	More bro-to-zeek renaming in scripts and other files	2019-05-16 02:36:41 -05:00
weird.zeek	GH-998: Fix Reporter::conn_weird() to handle expired connections	2020-06-15 12:57:47 -07:00

README

The notice framework enables Zeek to "notice" things which are odd or
potentially bad, leaving it to the local configuration to define which
of them are actionable.  This decoupling of detection and reporting allows
Zeek to be customized to the different needs that sites have.