[Bro] Cluster state synchronization
seth at icir.org
Tue Oct 7 09:51:40 PDT 2014
On Oct 6, 2014, at 1:58 PM, Damian Gerow <damian.gerow at shopify.com> wrote:
> I'm having some troubles wrapping my head around synchronization of set values in a cluster.
> We use a relatively simple bro script that correlates sets of whitelisted/blacklisted DNS names with new connections. To accomplish this, we have sets that are just the IP addresses returned by DNS lookups, which we then use to check against new connections.
Is this a script that you wrote locally or are you using the Broala script?
(this script works like it sounds like your does, but it uses data you have fed into the intel framework)
If you're curious about your script though, post is somewhere and someone can take a look. :)
International Computer Science Institute
(Bro) because everyone has a network
More information about the Bro