Since the changes are impressive, a blog post would be a great idea indeed. Bro is first (?) on the market (again!) to come up with something like this :)
Such a post should describe all the new Intel framework features and give examples of how to use them.

> On 09 Aug 2016, at 17:21, Robin Sommer <[email protected]> wrote:
>
> Thanks, will add.
>
> Robin
>
> On Tue, Aug 09, 2016 at 16:23 +0200, you wrote:
>
>>> Could folks take a look at NEWS and see what's missing?
>>> ...
>>> - Document the recent intel framework updates.
>>
>> For the NEWS (all changes, feel free to cut down):
>>
>> +++
>> - Bro's Intelligence Framework was refactored and new functionality
>>   has been added:
>>
>>   - The intel framework now supports the new indicator type
>>     Intel::SUBNET. As subnets are matched against seen addresses,
>>     the field 'matched' was introduced to indicate which indicator
>>     type(s) caused the hit.
>>
>>   - The new function remove() allows to delete intelligence items.
>>
>>   - The intel framework now supports expiration of intelligence items.
>>     Expiration can be configured by using Intel::item_expiration and
>>     can be handled by using the item_expired() hook. The new script
>>     do_expire.bro removes expired items.
>>
>>   - The new hook extend_match() allows extending the framework. The new
>>     policy script whitelist.bro uses the hook to implement whitelisting.
>>
>>   - Intel notices are now suppressible and mails for intel notices now
>>     list the identified services as well as the intel source.
>> +++
>>
>> Additionally I talked to Seth about documentation of the new features.
>> He suggested to write a blog post. I've already started but as I am
>> quite busy at the moment it will take some more time.
>>
>> Best regards,
>> Jan
>> _______________________________________________
>> bro-dev mailing list
>> [email protected]
>> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
>
>
> --
> Robin Sommer * ICSI/LBNL * [email protected] * www.icir.org/robin
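
Added example, not part of the original thread and not Bro's own code: a small Python model of the behaviour the NEWS entry describes, showing why a 'matched' field is needed once a seen address can hit both an address indicator and a subnet indicator, and how removal and expiration change later matches. The class, method names and feed names are hypothetical, and measuring expiration from insertion time is an assumption of this model.

```python
import ipaddress

# Hypothetical model of the behaviour described in the NEWS entry; this is
# not Bro script and none of these names come from Bro's code base.
class IntelStore:
    def __init__(self, item_expiration=None):
        self.item_expiration = item_expiration  # seconds; None = never expire
        self.addrs = {}    # ip_address -> {source: insert_time}
        self.subnets = {}  # ip_network -> {source: insert_time}

    def _table(self, indicator):
        if "/" in indicator:
            return self.subnets, ipaddress.ip_network(indicator)
        return self.addrs, ipaddress.ip_address(indicator)

    def insert(self, indicator, source, now=0.0):
        table, key = self._table(indicator)
        table.setdefault(key, {})[source] = now

    def remove(self, indicator, source):
        table, key = self._table(indicator)
        table.get(key, {}).pop(source, None)
        if not table.get(key):
            table.pop(key, None)  # drop indicators with no remaining sources

    def expire(self, now):
        """Drop items older than item_expiration (assumed: since insertion)."""
        expired = []
        if self.item_expiration is None:
            return expired
        for table in (self.addrs, self.subnets):
            for key in list(table):
                for source, t in list(table[key].items()):
                    if now - t >= self.item_expiration:
                        expired.append((str(key), source))
                        self.remove(str(key), source)
        return expired

    def match(self, seen):
        """Return (matched indicator types, sources) for one seen address."""
        ip = ipaddress.ip_address(seen)
        matched, sources = set(), set()
        if ip in self.addrs:
            matched.add("ADDR")
            sources |= set(self.addrs[ip])
        for net, metas in self.subnets.items():
            if ip in net:  # False when IP versions differ
                matched.add("SUBNET")
                sources |= set(metas)
        return matched, sources
```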
