List:       security-onion
Subject:    Re: [security-onion] Bro email alerts
From:       Doug Burks <doug.burks () gmail ! com>
Date:       2015-08-25 14:56:59
Message-ID: CAK8kjrA5Cph_b1jj+ayEFwzh_E+2+ArPbdTQhhOinQXfMDGRsA () mail ! gmail ! com

Hi Scotty,

Based on a quick look at the Bro documentation, it looks like both
ACTION_ALARM and ACTION_EMAIL are valid depending on what exactly
you're trying to do:
https://www.bro.org/sphinx/scripts/base/frameworks/notice/main.bro.html
https://www.bro.org/sphinx-git/frameworks/notice.html

On Tue, Aug 25, 2015 at 8:39 AM, Scotty Brown <scotty.b.brown@gmail.com> wrote:
> Hi list,
> 
> I'm slowly getting to know SO more, and have been doing some work with email
> alerting for the different parts.
> 
> On the Wiki page
> (https://github.com/Security-Onion-Solutions/security-onion/wiki/Email#how-do-i-configure-the-os-itself-to-send-emails)
>  I see:
> 
> hook Notice::policy(n: Notice::Info)
>     {
>     add n$actions[Notice::ACTION_ALARM];
>     }
> 
> 
> Should the ACTION_ALARM be ACTION_EMAIL (that's what I'm using) or am I
> missing something?
> 
> If I use ACTION_ALARM I get no emails, if I use ACTION_EMAIL I get emails...
> 
> I am running Bro 2.4
> 
> Cheers,
> 
> Scotty



-- 
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com
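
The difference between the two actions discussed in this thread, as an added example that is not part of the original messages or the Security Onion wiki. Per the Bro notice framework documentation linked above, ACTION_ALARM writes the notice to alarm.log, whose contents are mailed in bulk when the log rotates, while ACTION_EMAIL sends one email per notice immediately. The recipient address and the choice of SSH::Password_Guessing as the notice type to email are assumptions made for illustration.

```bro
# Added example for local.bro (Bro 2.4 syntax); not from the thread or the wiki.
@load base/frameworks/notice
@load policy/protocols/ssh/detect-bruteforcing

# Assumption: placeholder recipient. Both actions need a destination address;
# deployments managed by BroControl usually set it through MailTo in
# broctl.cfg instead of redefining it here.
redef Notice::mail_dest = "soc@example.com";

hook Notice::policy(n: Notice::Info)
    {
    # Every notice is written to alarm.log, which is mailed as a digest
    # when the log rotates. No individual email is sent for this action.
    add n$actions[Notice::ACTION_ALARM];

    # Selected notice types additionally trigger an immediate,
    # per-notice email. Keep this list short to avoid flooding the inbox.
    if ( n$note == SSH::Password_Guessing )
        add n$actions[Notice::ACTION_EMAIL];
    }
```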
