[Bro] Blacklist querying using Bro script
sheharbano.k at gmail.com
Wed Mar 28 04:24:41 PDT 2012
Dear Bro Team,
I maintain blacklists of botnet C&C servers, spam sources etc. These are
usually distributed as text files. Every once in a while, I need to update
these by re-downloading them or, better yet, by using rsync. In other cases,
the database is too large to be locally maintained, e.g. DNSBL, and I would
rather make an online query.
I want this process to be completely automated. That is to say, I want to
provide Bro with a list of URLs from where these lists can be obtained at
the time of invocation. In my Bro script, I want to handle reading these
files and also 'refresh' the lists, say, every 24 hours. Occasionally, I want
to be able to make online queries about the 'sanity' of certain IP
Can I do this using Bro Script? If not, how do I go about doing this?
Research Engineer / MS student