[Bro] Blacklist querying using Bro script
mcholste at gmail.com
Wed Mar 28 06:01:09 PDT 2012
I highly recommend checking out the Collective Intelligence Framework
(http://code.google.com/p/collective-intelligence-framework/) as a way to
manage your blacklists. Of particular importance is its ability to store
and share to authorized parties your org's own custom blacklists in a
seamless way with other blacklists.
On Wed, Mar 28, 2012 at 6:24 AM, Sheharbano Khattak
<sheharbano.k at gmail.com> wrote:
> Dear Bro Team,
> I maintain blacklists of botnet C&C servers, spam sources etc. These are
> usually distributed as text files. Every once in a while, I need to update
> these by re-downloading them or better yet, by using rsync. In other cases,
> the database is too large to be locally maintained, e.g. DNSBL, and I would
> rather make an online query.
> I want this process to be completely automated. That is to say, I want to
> provide Bro with a list of URLs from where these lists can be obtained at
> the time of invocation. In my Bro script, I want to handle reading these
> files and also 'refresh' the lists say every 24 hours. Occasionally, I want
> to be able to make online queries about the 'sanity' of certain IP
> Can I do this using Bro Script? If not, how do I go about doing this?
> Sheharbano Khattak
> Research Engineer / MS student
> NUST, Pakistan
> Bro mailing list
> bro at bro-ids.org
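
An added example, not part of either message and not Bro script: a Python sketch of the workflow the question describes, covering parsing a text blacklist, deciding when the 24-hour refresh is due, and forming a DNSBL query name. The feed contents, the zone `dnsbl.example.org` and all function names are assumptions; downloading the feed and performing the DNS lookup are left to the caller.

```python
import ipaddress
import time

REFRESH_SECONDS = 24 * 60 * 60  # the 24-hour refresh from the question

# Constructed sample feed: comments, a blank line, a CIDR, junk, IPv6.
SAMPLE_FEED = """\
# botnet C&C list (constructed sample)
192.0.2.10
198.51.100.0/24   ; spam source range

not-an-address
2001:db8::bad
"""

def parse_blacklist(text):
    """Return (networks, rejected_lines) from a plain-text blacklist."""
    nets, rejected = [], []
    for raw in text.splitlines():
        # Drop '#' and ';' comments, then surrounding whitespace.
        entry = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(raw)  # keep bad lines for review, skip them
    return nets, rejected

def is_listed(addr, nets):
    """True if addr falls inside any blacklisted network."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in nets)

def refresh_due(last_fetch, now=None):
    """True if the list was never fetched or is at least 24 hours old."""
    now = time.time() if now is None else now
    return last_fetch is None or now - last_fetch >= REFRESH_SECONDS

def dnsbl_qname(addr, zone="dnsbl.example.org"):
    """IPv4 DNSBL query name: reversed octets prepended to the zone."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        raise ValueError("this sketch handles IPv4 DNSBL lookups only")
    return ".".join(reversed(str(ip).split("."))) + "." + zone
```

Rejected lines are returned rather than silently dropped so that a truncated or tampered download shows up as a spike in parse failures.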