[Bro] Multiple Intel framework hits for same connection?
seth at icir.org
Tue Sep 30 13:46:46 PDT 2014
On Sep 30, 2014, at 4:39 PM, Aaron Gee-Clough <lists at g-clef.net> wrote:
> If they did get implemented, then I'm not sure what I'm doing wrong...I just can't get bro to fire for SSL cert hashes. I'm running bro 2.3.1 (just updated today), if that makes any difference.
Sorry, that's my mistake. I never actually implemented a script that used CERT_HASH. Just make those FILE_HASH instead. That's more proper anyway now that certs are handled as files.
International Computer Science Institute
(Bro) because everyone has a network
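
An added example (not part of the original message and not Bro project code): a small Python converter that applies the advice above to an existing intel file, retagging `Intel::CERT_HASH` rows as `Intel::FILE_HASH`. The function name, feed name, sample rows and hash value are constructed for illustration; the tab-separated layout with a `#fields` header is assumed to be the usual Intel framework input format.

```python
OLD_TYPE = "Intel::CERT_HASH"
NEW_TYPE = "Intel::FILE_HASH"

# Constructed sample intel file (tab-separated, as the Intel framework reads it).
SAMPLE = (
    "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc\n"
    "0123456789abcdef0123456789abcdef01234567\tIntel::CERT_HASH\t"
    "constructed-feed\tsample certificate hash\n"
    "bad.example.com\tIntel::DOMAIN\tconstructed-feed\tsample domain\n"
)


def retag_cert_hashes(text):
    """Return (new_text, changed_count) for the contents of an intel file."""
    out, changed, type_col = [], 0, None
    for line in text.splitlines():
        if line.startswith("#fields"):
            # Locate indicator_type by name so reordered columns still work.
            fields = line.split("\t")[1:]
            type_col = fields.index("indicator_type")
            out.append(line)
            continue
        if not line or line.startswith("#"):
            out.append(line)  # keep comments and blank lines untouched
            continue
        if type_col is None:
            raise ValueError("data row found before the #fields header")
        cols = line.split("\t")
        # Only the type column is compared, so a description that merely
        # mentions CERT_HASH is never rewritten.
        if len(cols) > type_col and cols[type_col] == OLD_TYPE:
            cols[type_col] = NEW_TYPE
            changed += 1
        out.append("\t".join(cols))
    return "\n".join(out) + "\n", changed


if __name__ == "__main__":
    new_text, count = retag_cert_hashes(SAMPLE)
    print(f"retagged {count} row(s)")
    print(new_text, end="")
```
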