Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/scripts/base/frameworks/notice
History
Jon Siwek d3f88ba9d1 Improve performance of MHR script, addresses BIT-1139. 
The MHR script involves a "when" statement which can be expensive due to
the way it clones frames/vals.  In this case, the fa_file record is
expensive to clone, but this change works around that by unrolling only
the necessary fields from it that are needed to populate a Notice::Info
record.  A drawback to this is that the full fa_file or connection
records aren't available in the Notice::Info record when evaluating
Notice::policy hooks for MHR hit notices (though they can possibly be
recovered by using e.g. the lookup_connection() builtin_function).
2014-03-11 13:18:14 -05:00
..
actions Document which Bro script vars are set by BroControl 2013-10-22 16:40:29 -05:00
extend-email Updates for the notices framework. 2013-02-11 14:36:14 -05:00
__load__.bro Updates for the notices framework. 2013-02-11 14:36:14 -05:00
cluster.bro change Notice::suppressing to be a table of times 2013-12-31 10:09:44 -05:00
main.bro Improve performance of MHR script, addresses BIT-1139. 2014-03-11 13:18:14 -05:00
non-cluster.bro Fix typos and formatting in the notice framework docs 2013-10-22 09:16:29 -05:00
README Add more script package README files 2013-10-22 14:44:59 -05:00
weird.bro Fix typos and formatting in the notice framework docs 2013-10-22 09:16:29 -05:00

README 

The notice framework enables Bro to "notice" things which are odd or
potentially bad, leaving it to the local configuration to define which
of them are actionable.  This decoupling of detection and reporting allows
Bro to be customized to the different needs that sites have.