lysemose at gmail.com
Mon Apr 29 03:45:06 PDT 2013
Have you looked at this? http://code.google.com/p/security-onion/wiki/BPF
On Mon, Apr 29, 2013 at 12:33 PM, Tracy Reed <treed at ultraviolet.org> wrote:
> Hello all,
> I am running Bro 2.1 in Security Onion 12.04 and I am very happy with it.
> level of detail into what is happening on the network is just amazing! I'm
> beginning to wonder how I ever did without it for so long.
> I have an ssh that happens every 5 minutes which causes a lot of noise.
> I've gone through all of the docs on bro.org and done some googling but
> seem to figure out how to whitelist certain connections so they will not
> constantly appear in the bro alarm summaries. I did find this, which
> an example for watching ssh to particular hosts which seems related to
> what I am trying to do:
> But what I want is somewhat the opposite: I want to ignore/whitelist
> connections to certain hosts, preferably from certain IP addresses.
> Can anyone suggest how this would be done?
> And while I'm writing (and related to another example in the above URL) I
> alarms about SSL certs. I would like to add our in-house CA to the list of
> accepted certs. How can I do this?
> Thanks for a great tool!
> Tracy Reed
> Bro mailing list
> bro at bro-ids.org