Getting matched substrings ???
yohann.thomas at rd.francetelecom.com
Tue Apr 6 07:38:33 PDT 2004
I'm having a look at Bro and I'd like first to congratulate people
involved in the project for this great work !!!
The concept of contextual signature language seems very interesting, but
I'm having a little problem...In fact, I read in the paper "Bro: A
System for Detecting Network Intruders in Real-Time" this phrase about
REGEX implementation : "Second, we anticipate matching sets of patterns
and wanting to know which subset were matched by a given set of
text...". I thought I could get the matched substring by the signatures,
but unfortunately I can't get out of it...
Is it possible to get these substrings in a policy script when a
signature matches, or am I misunderstanding the quoted phrase ???
More information about the Bro