[Bro] Cluster state synchronization

Seth Hall seth at icir.org
Tue Oct 7 09:51:40 PDT 2014


On Oct 6, 2014, at 1:58 PM, Damian Gerow <damian.gerow at shopify.com> wrote:

> I'm having some troubles wrapping my head around synchronization of set values in a cluster.
> 
> We use a relatively simple bro script that correlates sets of whitelisted/blacklisted DNS names with new connections.  To accomplish this, we have sets that are just the IP addresses returned by DNS lookups, which we then use to check against new connections.

Is this a script that you wrote locally or are you using the Broala script?

	https://github.com/broala/bro-snippets/blob/master/intel-dns.bro
	(this script works like it sounds like yours does, but it uses data you have fed into the intel framework)

If you're curious about your script though, post it somewhere and someone can take a look. :)

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/




