[Bro] BRO and SQL
daveangelo831 at gmail.com
Thu Feb 2 03:54:35 PST 2012
I am trying to add BRO the ability to ignore traffic from certain IP ranges
I have a DB with IP addresses (that chances once in a while) and I would
like to write a BRO script that will query the DB once in a while, grab
those IP addresses and drop new connections with these IP's.
1. Is it possible to query a DB from BRO scripts? is there any examples?
2. Assuming yes, should i implement this logic at the 'new_connection'
event? (I would like to drop connections from these IP's as soon as
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro