[Bro] Multiple Intel framework hits for same connection?

Seth Hall seth at icir.org
Tue Sep 30 13:46:46 PDT 2014

On Sep 30, 2014, at 4:39 PM, Aaron Gee-Clough <lists at g-clef.net> wrote:

> If they did get implemented, then I'm not sure what I'm doing wrong...I just can't get bro to fire for SSL cert hashes. I'm running bro 2.3.1 (just updated today), if that makes any difference.

Sorry, that's my mistake.  I never actually implemented a script that used CERT_HASH.  Just make those FILE_HASH instead.  That's more proper anyway now that certs are handled as files.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the Bro mailing list