Hi,
1: How can the intel also get mailed, when an intel event occurs?
I tried
redef Notice::emailed_types += {
HTTP::IN_HOST_HEADER,
};
HTTP::IN_HOST_HEADER actually is not a notice type; it is a location of
the Intel framework. Try using Intel::Notice instead, that should work.
2: I want to incorporate a Bash curl script to send alerts to other systems when a notice or an intel event occurs. How to accomplish this?
You probably want to use the exec framework -
https://www.bro.org/sphinx/scripts/base/utils/exec.bro.html.
I hope this helps,
Johanna
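
The two suggestions above combined into one script, as an added example that is not part of the original thread: it e-mails Intel::Notice and posts every logged notice to another system with curl through the exec framework. The endpoint URL and the name alert_url are placeholders assumed for illustration, and the notice text is sent on curl's stdin so that attacker-influenced fields never reach the shell command line.

```bro
@load base/frameworks/notice
@load base/utils/exec
# Raises Intel::Notice for matches on intel items whose meta.do_notice is T.
@load frameworks/intel/do_notice

# Placeholder endpoint (assumption); set this to the receiving system's URL.
# Operator-controlled constant, so it is safe to place in the command string.
const alert_url = "https://alerts.example.invalid/ingest" &redef;

# Item 1: e-mail the Intel framework's notice type, not a location enum.
redef Notice::emailed_types += { Intel::Notice };

# Item 2: forward every logged notice with curl.
event Notice::log_notice(rec: Notice::Info)
	{
	# The message may contain data taken from traffic (for example a Host
	# header), so it is passed via stdin and never interpolated into $cmd.
	local body = fmt("%s\t%s", rec$note, rec?$msg ? rec$msg : "");

	local cmd = Exec::Command(
		$cmd=fmt("curl -sS --max-time 10 --data-binary @- '%s'", alert_url),
		$stdin=body);

	# Exec::run is asynchronous and must be called from a when statement.
	when ( local res = Exec::run(cmd) )
		{
		if ( res$exit_code != 0 )
			Reporter::warning(fmt("alert curl exited with %d", res$exit_code));
		}
	}
```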