[Bro] Detecting heartbleed activity
john.h.hoyt at gmail.com
Thu Apr 10 11:12:28 PDT 2014
I'm attempting to add an email alert for these, but I'm getting an error.
This is my first time attempting this, so I may have something wrong with
Here is what I've added to local.bro.
hook Notice::policy(n: Notice::Info)
if ( n$note == SSL::SSL_Heartbeat_Attack_Success )
Here is the error:
error in /bro/share/bro/site/local.bro, line 96: unknown identifier
SSL::SSL_Heartbeat_Attack_Success, at or near
On Thu, Apr 10, 2014 at 12:51 PM, James Lay <jlay at slave-tothe-box.net>wrote:
> On 2014-04-10 06:24, James Lay wrote:
> > So...I'd like to be able to see if any heartbleed activity was
> > happening before everyone knew about it. I'm thinking I'd see this in
> > the conn.log with data leaving the server. Any thoughts or pointers
> > we
> > could use to check? Thanks all.
> > James
> Thanks for the feedback all..very helpful.
> Bro mailing list
> bro at bro-ids.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro