[Bro] CIF and Bro Integration
hammadog at gmail.com
Sun Mar 30 06:14:51 PDT 2014
Thanks to all who responded.
Just to update everyone on this. When they say RTFM, this is the case
for me. I tried to fumble my way through all this and I should have
just sat back and read some good posts and documentation. The following
two links really point you in the right direction.
This exercise says it all and makes it very easy to understand. The CIF
integration is also pretty easy with this post.
Pretty darn nice implementation for pulling external Intel as well as
defining your own.
Love BRO, it's wicked!
On 03/26/2014 10:37 PM, Jon Schipp wrote:
> If you don't want to upgrade, you can replace that Bro.pm file with
> this newer one:
> On Wed, Mar 26, 2014 at 9:08 PM, Tom OBrion <hammadog at gmail.com
> <mailto:hammadog at gmail.com>> wrote:
> Well in looking at the DOC on the BRO site. I must have a
> different version of CIF causing the BRO plugin to format my feed
> On Wed, Mar 26, 2014 at 9:46 PM, Bernhard Amann
> <bernhard at icsi.berkeley.edu <mailto:bernhard at icsi.berkeley.edu>>
> On Mar 26, 2014, at 6:14 PM, Jon Schipp <jonschipp at gmail.com
> <mailto:jonschipp at gmail.com>> wrote:
> > I'm not so certain anymore ;)
> > It looks like you're right that the mode is set to
> REREAD.
> > Though, I'm pretty sure that I've read in the documentation
> that a restart is required for the removal of items.
> > Maybe that was a mistake. Oh well.
> You are right about that. Even though reread supports the
> removal of items,
> the current way in which it is used in the intelligence
> framework does not seem to.
> I have to ask Seth why that is the case - it should be easy to
> change this.
> Bro mailing list
> bro at bro-ids.org <mailto:bro at bro-ids.org>
> Tom O'Brion
> Twitter: @tobrion
> Skype: TomOBrion
> "Life is too short to spend time with people who suck the happy
> out of you."
> Jon Schipp,
> jonschipp.com <http://jonschipp.com>, sickbits.net <http://sickbits.net>
"Life is too short to spend time with people who suck the happy out of you."