notice

policy/frameworks/notice/extend-email/hostnames.zeek

Loading this script extends the Notice::ACTION_EMAIL action by appending to the email the hostnames associated with Notice::Info’s src and dst fields as determined by a DNS lookup.

policy/frameworks/notice/actions/drop.zeek

This script extends the built in notice code to implement the IP address dropping functionality.

policy/frameworks/notice/community-id.zeek