[Bro] BRO intel framework
seth at icir.org
Wed Apr 29 06:03:24 PDT 2015
> On Apr 29, 2015, at 1:43 AM, Giedrius Ramas <giedrius.ramas at gmail.com> wrote:
> Could you please elaborate more on that point:" Also, the internal intelligence representation is accumulative. If you remove something from that file, Bro is still watching for it." So, for example if I will overwrite the whole intel file with the new one, what happened to the records from the old file ? Bro still watching for them ?
Yes, it was designed that way originally so we that could do some optimizations in the future. I’m starting to see some more work that needs to be done on the Intelligence framework though so I’m sure that over the next release or two there will be improvements coming in this area and others.
International Computer Science Institute
(Bro) because everyone has a network
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150429/028d4d00/attachment-0001.bin
More information about the Bro