Thanks, will add.

Robin
On Tue, Aug 09, 2016 at 16:23 +0200, you wrote:

> > Could folks take a look at NEWS and see what's missing?
> > ...
> >  - Document the recent intel framework updates.
>
> For the NEWS (all changes, feel free to cut down):
>
> +++
> - Bro's Intelligence Framework was refactored and new functionality
>   has been added:
>
>   - The intel framework now supports the new indicator type
>     Intel::SUBNET. As subnets are matched against seen addresses,
>     the field 'matched' was introduced to indicate which indicator
>     type(s) caused the hit.
>
>   - The new function remove() allows to delete intelligence items.
>
>   - The intel framework now supports expiration of intelligence items.
>     Expiration can be configured by using Intel::item_expiration and
>     can be handled by using the item_expired() hook. The new script
>     do_expire.bro removes expired items.
>
>   - The new hook extend_match() allows extending the framework. The new
>     policy script whitelist.bro uses the hook to implement whitelisting.
>
>   - Intel notices are now suppressible and mails for intel notices now
>     list the identified services as well as the intel source.
> +++
>
> Additionally I talked to Seth about documentation of the new features.
> He suggested to write a blog post. I've already started but as I am
> quite busy at the moment it will take some more time.
>
> Best regards,
> Jan
> _______________________________________________
> bro-dev mailing list
> bro-dev@bro.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
>

--
Robin Sommer * ICSI/LBNL * ro...@icir.org * www.icir.org/robin
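A sketch of how the features listed in the quoted NEWS text fit together in a site script, added here as an example and not taken from the thread or from the Bro distribution. The allowlist `quiet_hosts`, the source name `example-feed`, the 30 minute interval and the sample subnet are assumptions made for illustration.

```bro
@load base/frameworks/intel
@load policy/frameworks/intel/seen

# Items without a hit for this long trigger Intel::item_expired (example value).
redef Intel::item_expiration = 30 min;

# Hypothetical allowlist: hits on these hosts from SUBNET indicators are not logged.
const quiet_hosts: set[addr] = { 192.0.2.10 } &redef;

event bro_init()
	{
	# Constructed SUBNET indicator from a documentation range; in production
	# this would normally come from an intel file instead.
	Intel::insert([$indicator="192.0.2.0/24",
	               $indicator_type=Intel::SUBNET,
	               $meta=[$source="example-feed"]]);
	}

# extend_match() runs for every match. Breaking out of the hook suppresses
# logging of the match, which is the mechanism whitelist.bro relies on.
hook Intel::extend_match(info: Intel::Info, s: Intel::Seen, items: set[Intel::Item])
	{
	if ( ! s?$host || s$host !in quiet_hosts )
		return;

	local subnet_hit = F;
	for ( item in items )
		if ( item$indicator_type == Intel::SUBNET )
			subnet_hit = T;

	# A flag is used because "break" inside the loop would only leave the loop.
	if ( subnet_hit )
		break;
	}

# item_expired() is called when an item times out. Breaking removes the item;
# letting all handlers finish resets its expiration timer.
hook Intel::item_expired(indicator: string, indicator_type: Intel::Type,
                         metas: set[Intel::MetaData])
	{
	local from_feed = F;
	for ( m in metas )
		if ( m$source == "example-feed" )
			from_feed = T;

	# Only indicators carried by the example feed are allowed to age out.
	if ( from_feed )
		break;
	}
```

Loading do_expire.bro instead of the last handler removes every expired item regardless of source.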