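##! Flag DNS "A" answers that resolve to a watched address (a poisoned or
##! hijacked resolution) and copy the matching records into a dedicated
##! "poison_hits" log, raising an e-mailed notice for each hit.

export {
	## Recipient of the e-mailed Foo notices.
	redef Notice::mail_dest = "email_address@inet.com";

	redef enum Notice::Type += {
		## Raised when a DNS "A" answer is one of the watched addresses.
		Foo,
	};

	redef Notice::emailed_types += { Foo, };

	## Answer strings that trigger the notice.  Membership is an exact
	## string match; the previous substring test (`"1.2.3.4" in answer`)
	## also fired on addresses such as "11.2.3.45".  Extend via redef.
	const poisoned_answers: set[string] = { "1.2.3.4" } &redef;
}

redef Notice::policy += {
	[$pred(n: Notice::Info) = { return n$note == Foo; },
	 $action = Notice::ACTION_EMAIL]
};

event bro_init()
	{
	# The predicate runs once per DNS::Info record written to dns.log.  It
	# both selects the record for the poison_hits log and raises the notice,
	# so a hit is logged and alerted from a single place.
	local filter: Log::Filter = [
		$name="poison_hits",
		$path="poison_hits",
		$pred(rec: DNS::Info) = {
			# Only resolved "A" records carry the answers we compare against.
			if ( ! ( rec?$qtype_name && rec?$answers && rec$qtype_name == "A" ) )
				return F;

			for ( i in rec$answers )
				{
				if ( rec$answers[i] in poisoned_answers )
					{
					# $src names the querying host so the notice can be acted
					# on without cross-referencing the log line.
					NOTICE([$note=Foo,
					        $msg="Foo detected.",
					        $src=rec$id$orig_h]);
					return T;
					}
				}

			return F;
		},
		$include=set("ts", "uid", "id.orig_h", "query")
	];

	Log::add_filter(DNS::LOG, filter);
	}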