mcholste at gmail.com
Thu Jul 21 07:16:16 PDT 2011

Every year, at least once a year, I make an honest effort to implement
Bro and to start taking advantage of its advanced capabilities. Each
year, I spend a few hours on it and give up. I look through every doc
I can find on the Bro web site and in the tarball, but the lack of
sufficient examples and documentation always stifles any progress. I
want this year to be different. The purpose of this email is to find
out from you guys how to do the following (ideally in example form):

How do I write a policy to detect when an SSL connection has a
certificate which was created less than 30 days ago (not_valid_before
> 30 days ago)?

How do I send arbitrary connection data to an external program and
receive information back from it (and I need something more detailed
than "use broccoli")?