[Bro] Yara analyser
babbitmail at gmail.com
Tue Dec 9 01:38:09 PST 2014
This is not really a question, more just to see if anybody had any strong opinions, or good suggestions about how to integrate yara into bro. I read something on this mailing list about integrating bro with yara, and hadn’t seen anything since so I’ve developed a yara analyser for bro.
The code seems to work well for small pcaps - but I wondered about memory exhaustion using std::ostringstream to store files in larger deployments. I just wondered whether this was something that you might consider including in the bro source - I’d be happy to tidy it up if there was enough enthusiasm.
This only took me about three hours - (thanks to Bro’s extensibility and Yara’s excellent docs)
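The memory concern raised above (an unbounded std::ostringstream per file) is the part a reviewer would want addressed before deployment. The following is an added illustration, not the poster's analyser and not Bro's file-analysis API: a hypothetical BoundedFileCollector caps how much of each file is buffered before it is handed to the scanner, and records truncation so an incomplete scan is never mistaken for a clean one. MatchesPattern is a constructed stand-in for a Yara scan; the chunks and the "EVIL" pattern are constructed sample data.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical bounded replacement for a per-file std::ostringstream: growth
// stops at max_bytes, so one huge file (or many concurrent files) cannot
// exhaust the sensor's memory.
class BoundedFileCollector {
public:
    explicit BoundedFileCollector(std::size_t max_bytes) : max_bytes_(max_bytes) {}

    // Called once per delivered chunk (the role a Bro file analyzer's
    // stream-delivery hook plays). Returns false once the cap is reached;
    // any further data is dropped and the file is flagged as truncated.
    bool Deliver(const uint8_t* data, std::size_t len) {
        if (truncated_) return false;
        std::size_t room = max_bytes_ - buf_.size();
        if (len > room) {
            buf_.insert(buf_.end(), data, data + room);
            truncated_ = true;          // scan result will be partial: surface this in logs
            return false;
        }
        buf_.insert(buf_.end(), data, data + len);
        return true;
    }

    bool truncated() const { return truncated_; }
    const std::vector<uint8_t>& data() const { return buf_; }

private:
    std::size_t max_bytes_;
    bool truncated_ = false;
    std::vector<uint8_t> buf_;
};

// Constructed stand-in for handing the buffer to Yara: one fixed-byte "rule".
bool MatchesPattern(const std::vector<uint8_t>& buf, const std::string& pattern) {
    return std::search(buf.begin(), buf.end(), pattern.begin(), pattern.end()) != buf.end();
}

// Feed constructed chunks through the collector, then scan whatever was kept.
// *truncated tells the caller whether the verdict covers the whole file.
bool ScanChunks(const std::vector<std::string>& chunks, std::size_t cap,
                const std::string& pattern, bool* truncated) {
    BoundedFileCollector c(cap);
    for (const auto& ch : chunks)
        c.Deliver(reinterpret_cast<const uint8_t*>(ch.data()), ch.size());
    *truncated = c.truncated();
    return MatchesPattern(c.data(), pattern);
}
```

Because the whole retained buffer is scanned at once, a pattern split across two delivered chunks still matches; with a cap smaller than the file the match can be lost, which is exactly why the truncated flag must travel with the verdict.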