This script enables notice generation for intelligence matches.
Intel
base/frameworks/intel, base/frameworks/notice
Intel::MetaData: record
    bool &default = F &optional
        A boolean value that lets the data itself indicate whether the indicator this metadata is attached to is notice-worthy.
    Intel::Where
        Restricts notice creation so that a notice is created only if the do_notice field is T and the notice was seen in the indicated location.
Notice::Type: enum
    Intel::Notice: This notice is generated when an intelligence indicator is denoted to be notice-worthy.