[Bro] Blacklist DNS alerting
rrotsted at pdx.edu
Wed Mar 21 09:34:49 PDT 2012
I recently spun up my first Bro instance and I'm trying to find the most
elegant way to alert any time there is a query for a particular set of
malicious domains (ex.
Would this be best accomplished with a signature? Would I be better off
writing a hook for Bro's core DNS script?
Any input will be greatly appreciated,
Network Security Analyst
Portland State University
314B D581 A8CD E28A A690 7E9D 5B43 4B28 0EB6 A21A