Question about the Intelligence framework

Dear all,

I am trying to extend the current Intelligence framework to support some indicator of my own type. I am wondering how to inform the Intelligence framework that the data of my own type is discovered and its presence should be checked within the intelligence data set. Do you know in which file the corresponding code for the currently supported indicator types is located? The documentation for the Intelligence Framework mentioned some "package of hook scripts". Where can I find those scripts?

Thanks a lot,

Wenyu

I am trying to extend the current Intelligence framework to support some indicator of my own type.

Cool! What’s the type? If it’s a fairly generic type it could probably make sense to include it in Bro for the next release so that people can just import data for that type and have it “automatically” work. :)

Do you know in which file the corresponding code for the currently supported indicator types is located? The documentation for the Intelligence Framework mentioned some "package of hook scripts". Where can I find those scripts?

Yes, you can find them in <prefix>/share/bro/policy/frameworks/intel/seen/

The scripts in that directory send data into the intel framework to be checked against the loaded intelligence data sets.

  .Seth
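
For readers following this thread, a sketch of what a "seen" script for a custom indicator type can look like, modelled on the scripts in the directory mentioned above. This is an added example, not code from the thread or from the Bro distribution; the names SSH_CLIENT_VERSION and IN_SSH_CLIENT_VERSION are hypothetical, and it assumes the ssh_client_version event is available in the installed Bro version.

```bro
@load base/frameworks/intel

module Intel;

export {
	# Hypothetical new indicator type. Intelligence files would refer to it
	# as Intel::SSH_CLIENT_VERSION in their indicator_type column.
	redef enum Intel::Type += { SSH_CLIENT_VERSION };

	# Hypothetical location tag, so a hit records where the value was seen.
	redef enum Intel::Where += { IN_SSH_CLIENT_VERSION };
}

# Every time an SSH client banner is observed, hand it to the intel
# framework, which checks it against the loaded intelligence data sets.
event ssh_client_version(c: connection, version: string)
	{
	Intel::seen([$indicator=version,
	             $indicator_type=Intel::SSH_CLIENT_VERSION,
	             $conn=c,
	             $where=Intel::IN_SSH_CLIENT_VERSION]);
	}
```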