[Bro] BRO & Malware Hash Registry
E.H.Beekman at amc.nl
Mon Mar 1 06:34:33 PST 2010
I would like to run Bro 1.5.1. with lookups to the MHR,
since the 1.5 code allready contains the MD5 functions (?),
i assumed i only needed the:
which i loaded into my site/local.bro
and verified to be present through:
# broctl scripts | & grep cymru
But i don't see any related logging, so i'm afraid of being
a little naive in my approach. Since i am totally new
at bro, i don't have a clue at how to debug the script.
thanks in advance for any help.
BTW i really like the functionality in Bro, it helped me discover bot
IRC traffic on port 80 and inst_n105.exe trojan dropper downloads from a
server in Russia.
More information about the Bro