[Bro] Multiple Intel framework hits for same connection?
liburdi.joshua at gmail.com
Tue Sep 30 13:58:21 PDT 2014
There also aren't scripts that use USER_NAME, but I have some
additions to fix that. :)
On Tue, Sep 30, 2014 at 1:46 PM, Seth Hall <seth at icir.org> wrote:
> On Sep 30, 2014, at 4:39 PM, Aaron Gee-Clough <lists at g-clef.net> wrote:
>> If they did get implemented, then I'm not sure what I'm doing wrong...I just can't get bro to fire for SSL cert hashes. I'm running bro 2.3.1 (just updated today), if that makes any difference.
> Sorry, that's my mistake. I never actually implemented a script that used CERT_HASH. Just make those FILE_HASH instead. That's more proper anyway now that certs are handled as files.
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> Bro mailing list
> bro at bro-ids.org
More information about the Bro