#914: topic/seth/intel-framework
----------------------------+------------------------
Reporter: seth | Owner: robin
Type: Merge Request | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Resolution: | Keywords:
----------------------------+------------------------
Comment (by robin):
Good stuff.
Questions:
- why not load the various seen() handlers in base/* rather than policy/*?
Isn't part of the beauty here that it will just find stuff once intel data
has been loaded?
- cluster.bro: {{{initial_sync}}} never gets reset; that doesn't seem to
work if I restart everything except the manager, right?
- {{{match_no_items}}} is not a very intuitive name imo :)
- didn't you have some initial documentation as well, or do I misremember
that?
- Should scripts/policy/protocols/http/detect-intel.bro go now?
Likewise, there are old tests in {{{scripts/base/frameworks/intel/}}} that
use {{{Intel::matcher}}}
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/914#comment:1>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
_______________________________________________
bro-dev mailing list
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev