base/frameworks/intel/input.zeek

Intel

Input handling for the intelligence framework. This script implements the import of intelligence data from files using the input framework.

Namespace:Intel
Imports:base/frameworks/intel/main.zeek

Summary

Redefinable Options

Intel::path_prefix: string &redef An optional path prefix for intel files.
Intel::read_files: set &redef Intelligence files that will be read off disk.

Detailed Interface

Redefinable Options

Intel::path_prefix
Type:string
Attributes:&redef
Default:""

An optional path prefix for intel files. This prefix can, but need not be, absolute. The default is to leave any filenames unchanged. This prefix has no effect if a read_file entry is an absolute path. This prefix gets applied _before_ entering the input framework, so if the prefix is absolute, the input framework won’t munge it further. If it is relative, then any path_prefix specified in the input framework will apply additionally.

Intel::read_files
Type:set [string]
Attributes:&redef
Default:{}

Intelligence files that will be read off disk. The files are reread every time they are updated so updates must be atomic with “mv” instead of writing the file in place.