Faster Bro Summary of Alerts

Hello Everyone,

New to Bro so please bear with me, but I can’t seem to find my answer online.

Can anyone tell me / point me in the direction to set up Bro to have the alert notices come in every 5-10 mins and not hourly?

I don’t want the connection summary every 5 mins, that can stay every hour, I just want to see the SSH password guessing faster.

This will send you an email each time the notice happens:

  redef Notice::emailed_types += { SSH::Password_Guessing };


Add this field to any notice interval you’d like to change:


By default notices are suppressed for one hour, but it can be overridden with the line above. In practice that would look like …

  $msg=fmt("%s appears to be guessing SSH passwords (seen in %d connections).", key$host, r$num),
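
The two suggestions in this thread combined into one site policy script, as an added example that is not part of the original messages or of Bro's shipped scripts. It assumes Bro 2.x with the stock notice framework and SSH brute-force detection script loaded; the mail address is a placeholder and the 5-minute interval is an illustrative choice.

```bro
# Added example (not from the thread). Place in a site policy file
# such as local.bro. Assumes Bro 2.x and a working sendmail setup.
@load base/frameworks/notice
@load protocols/ssh/detect-bruteforcing

# Placeholder destination; replace with your own mailbox.
redef Notice::mail_dest = "soc@example.org";

hook Notice::policy(n: Notice::Info)
    {
    # Only touch the SSH guessing notice; every other notice type
    # keeps the default actions and the default one-hour suppression.
    if ( n$note != SSH::Password_Guessing )
        return;

    # Send a mail as soon as the notice is raised instead of waiting
    # for the hourly summary.
    add n$actions[Notice::ACTION_EMAIL];

    # Shorten the suppression window for this notice only.
    # Suppression is tracked per notice type and identifier, so a
    # host that keeps guessing can be reported again after this
    # interval rather than after one hour.
    n$suppress_for = 5min;
    }
```

A shorter suppression window means one mail per interval for every source that keeps guessing, so expect more mail during sustained scanning.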