ThreatNet::Filter - Interface for ThreatNet event filters
ThreatNet data sources can potentially generate a hell of a lot of events, and it's important to be able to filter these down to just the events that matter.
Many of the filters are stateful. For example, the standard ThreatNet::Filter::ThreatCache module provides cache objects that filter out any threats that have already been seen in the previous hour. (or whatever the state period is).
The filter API is quite simple, with only a few methods.
Since some categories of filter do not strictly need to be in the form of an object,
new constructor is provided which just creates an empty object.
Returns a new
or some sub-classes may return
undef on error.
keep method takes a ThreatNet::Message object and examines it to determine if the message should be kept,
or filtered out.
In the default implementation of the filter, all messages are kept.
Returns true if the message should be kept, or false if the message should be discarded.
All bugs should be filed via the bug tracker at
For other issues, or commercial enhancement and support, contact the author
Adam Kennedy <firstname.lastname@example.org>
Copyright (c) 2004 - 2005 Adam Kennedy. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
The full text of the license can be found in the LICENSE file included with this module.