base/utils/thresholds.bro

GLOBAL

Functions for using multiple thresholds with a counting tracker. For example, you may want to generate a notice when something happens 10 times and again when it happens 100 times, but nothing in between. Pass the check_threshold function a vector that defines your threshold points, together with the TrackCount variable in which you are keeping track of your counter.

Namespace: GLOBAL
Source File: /scripts/base/utils/thresholds.bro

Summary

Redefinable Options

default_notice_thresholds: vector &redef The thresholds you would like to use as defaults with the default_check_threshold function.

Types

TrackCount: record  

Functions

check_threshold: function This will check if a TrackCount variable has crossed any thresholds in a given set.
default_check_threshold: function This will use the default_notice_thresholds variable to check a TrackCount variable to see if it has crossed another threshold.
new_track_count: function  

Detailed Interface

Redefinable Options

default_notice_thresholds
Type: vector of count
Attributes: &redef
Default: [30, 100, 1000, 10000, 100000, 1000000, 10000000]

The thresholds you would like to use as defaults with the default_check_threshold function.

Types

TrackCount
Type:

record

n: count &default = 0 &optional

The counter for the number of times something has happened.

index: count &default = 0 &optional

The index of the vector where the counter currently is. This is used to track which threshold is currently being watched for.

Functions

check_threshold
Type: function (v: vector of count, tracker: TrackCount) : bool

This will check if a TrackCount variable has crossed any thresholds in a given set.

v: A vector holding counts that represent thresholds.
tracker: The record being used to track the event counter and the currently monitored threshold value.
Returns: T if a threshold has been crossed, else F.

default_check_threshold
Type: function (tracker: TrackCount) : bool

This will use the default_notice_thresholds variable to check a TrackCount variable to see if it has crossed another threshold.

new_track_count
Type: function () : TrackCount
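
Example use of new_track_count and check_threshold, added here and not taken from the Bro distribution: it counts established connections per originating host and reports at 10 and again at 100, the case described at the top of this page. The module name ThresholdDemo, the demo_thresholds vector and the conn_counts table are assumptions made for the example, as is the caller incrementing n itself before each check.

```bro
# Added example, not part of base/utils/thresholds.bro.
module ThresholdDemo;

export {
	## Constructed threshold points for this example (assumption).
	## Redefine to change where reports are generated.
	const demo_thresholds: vector of count = vector(10, 100) &redef;
}

# One tracker per originating host. Entries are dropped one day after
# creation so the table does not grow without bound.
global conn_counts: table[addr] of TrackCount &create_expire=1day;

event connection_established(c: connection)
	{
	local orig = c$id$orig_h;

	# First sighting of this host: start from n = 0, index = 0.
	if ( orig !in conn_counts )
		conn_counts[orig] = new_track_count();

	# Records are passed by reference, so updating tc updates the
	# table entry, and check_threshold can advance tc$index in place.
	local tc = conn_counts[orig];

	# The caller owns the counter; check_threshold only compares it
	# against the threshold currently being watched.
	++tc$n;

	# T on the check where the counter reaches the watched threshold
	# (10, then 100); F for every count in between.
	if ( check_threshold(demo_thresholds, tc) )
		print fmt("%s reached %d established connections", orig, tc$n);
	}
```

To use the stock thresholds instead, replace the check_threshold call with default_check_threshold(tc), which compares against default_notice_thresholds.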
Copyright 2016, The Bro Project. Last updated on January 10, 2019. Created using Sphinx 1.7.5.