johanna at icir.org
Wed Jul 30 15:21:43 PDT 2014
...and the same in Perl:
I sent that to James a while ago but forgot to CC the list.
On 30 Jul 2014, at 15:08, Anthony VEREZ wrote:
> I created a Python script to parse get the latest version of a
> and convert it to the Bro intel framework format:
> Thanks James and Johanna for the idea :)
> On 7/15/14, 9:59 AM, James Lay wrote:
>> On 2014-07-15 10:55, Johanna Amann wrote:
>>> Hello James,
>>> using blacklists like this is actually quite easy nowadays. Just
>>> loading the list of blacklisted SHA-1 hashes into the intel
>>> and making sure that policy/frameworks/intel/seen/file-hashes.bro is
>>> loaded should be enough.
>>> Certificates used in SSL connections are handled just like files, so
>>> if one of the certificates is encountered after loading the data, it
>>> should trigger a notification.
>>> You just have to reformat the list for the intel framework.
>>> On 15 Jul 2014, at 9:40, James Lay wrote:
>>>> Wonder if bro can support this?
>> Thank you Johanna...I will go down that path.
>> Bro mailing list
>> bro at bro-ids.org
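The reformatting step described in the thread, as an added example that is not the script either poster attached: it converts a SHA-1 certificate blacklist into a tab-separated intel framework file with `Intel::FILE_HASH` indicators. The input layout (`timestamp,sha1,reason` CSV with `#` comments), the source label `example-blacklist` and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

SHA1_RE = re.compile(r"^[0-9a-f]{40}$")
# Intel files are tab-separated; the first line names the columns.
HEADER = "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc"

# Constructed sample input. The CSV layout is an assumption, not a real feed.
SAMPLE_BLACKLIST = """\
# constructed sample blacklist
2014-07-15 09:40:00,DA39A3EE5E6B4B0D3255BFEF95601890AFD80709,Example C&C
2014-07-15 09:41:00,not-a-hash,Broken row
2014-07-15 09:42:00,2fd4e1c67a2d28fced849ee1bb76e7391b93eb12,Tab\tin reason
2014-07-15 09:43:00,da39a3ee5e6b4b0d3255bfef95601890afd80709,Duplicate
"""


def to_intel(blacklist_text, source="example-blacklist"):
    """Return (intel_file_text, rejected_rows) for a CSV blacklist."""
    lines, rejected, seen = [HEADER], [], set()
    data = (l for l in io.StringIO(blacklist_text)
            if l.strip() and not l.startswith("#"))
    for row in csv.reader(data):
        sha1 = row[1].strip().lower() if len(row) >= 3 else ""
        if not SHA1_RE.match(sha1):
            # Keep malformed rows for review instead of writing them out.
            rejected.append(row)
            continue
        if sha1 in seen:
            continue  # one intel line per hash
        seen.add(sha1)
        # A tab or newline in the description would shift the columns,
        # so collapse all whitespace; "-" marks an unset field.
        desc = re.sub(r"\s+", " ", ",".join(row[2:])).strip() or "-"
        lines.append("\t".join((sha1, "Intel::FILE_HASH", source, desc)))
    return "\n".join(lines) + "\n", rejected


if __name__ == "__main__":
    intel_text, bad_rows = to_intel(SAMPLE_BLACKLIST)
    print(intel_text, end="")
    print("rejected rows:", bad_rows)
```

The resulting file is loaded by adding its path to `Intel::read_files`, alongside the `policy/frameworks/intel/seen/file-hashes.bro` script mentioned in the thread.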