Guest blogger Jan Grashöfer has written a blog post about updates to the Bro Intelligence Framework.
You can read the full post here; below is a summary:
This blog post discusses the data model of Bro's intelligence framework and the new remove function. Furthermore, the intelligence expiration and match extension mechanisms are explained. Finally, the new type for subnets and the changes to the do_notice.bro script are reviewed. I hope this post could shed some light on the ideas behind Bro's intelligence framework. Have fun integrating the framework into your Bro deployment!
Thanks, Jan, for your contribution!