I am still learning Bro, so I apologize if this is a noob question.
Is there a way to get Bro to email hits from the intel framework? I have Bro emailing me, and am able to get test domains to fire and populate the intel.log.
I tried:
redef Notice::emailed_types += {
Intel::DOMAIN,
};
But I suppose that the intel hits are outside of the notice framework? my BroFu is not strong enough to figure this out myself.
Regards,
Derek