CapOne-Zeek-Docker/capitalone/optimizations/notice_suppression.zeek

# Who               When            What
# -----------------------------------------------------------------------------
# Aaron Eppert      11/14/2018      Added Conn::Content_Gap
#
@load base/frameworks/notice

#
# Approximately 500k/hour and not an indicator of an issue overall, except a very
# busy network. Approximately 500GB/30 days reduced by metadata volume in PR, etc.
#
@load policy/protocols/conn/weirds.zeek 
redef Notice::ignored_types += { Conn::Content_Gap };