[Bro] Emerging Threats signatures on Bro ids ?
rmkml at yahoo.fr
Tue Aug 14 19:05:29 PDT 2012
ok please found Four alpha release update (open-gpl) Emerging Threats signatures :
-sorry, no new signatures
-moved print to notice alarm realtime mode
-disabled by default sig performance penalty with et_performancepenalty variable
Im always interested if you have comments/feedback/flame/performance/FP/FN please.
Enable or disable variable in bro script reduce number sigs (et_currents, et_enabled, et_dns, et_trojan...).
1) I have a small pb on this bro powerful language:
-I have used a global variables (sid2015596...) for http_header because my test on pcap fire four times for each signature.
2) find case insensitive more "simplify" regexp ?
3) adding local_net / external_net...
4) how to match POST http_method with argument ?
More information about the Bro