johanna at icir.org
Tue Jul 15 09:55:34 PDT 2014
using blacklists like this is actually quite easy nowadays. Just loading
the list of blacklisted SHA-1 hashes into the intel framework and making
sure that policy/frameworks/intel/seen/file-hashes.bro is loaded should
Certificates used in SSL connections are handled just like files, so if
one of the certificates is encountered after loading the data, it should
trigger a notification.
You just have to reformat the list for the intel framework.
On 15 Jul 2014, at 9:40, James Lay wrote:
> Wonder if bro can support this?
> Bro mailing list
> bro at bro-ids.org
More information about the Bro