[Bro] BRO intel framework
seth at icir.org
Wed Apr 29 06:32:48 PDT 2015
> On Apr 29, 2015, at 7:42 AM, Giedrius Ramas <giedrius.ramas at gmail.com> wrote:
> One more thing I need to clarify. I see in bro intel data file (generated by CIF) Intel::URL url's have a prefix http:// . However when I visit these URLs BRO Intel do not trigger. I tried to remove prefix http:// from url's in BRO intel file and BRO Intel works well then. So is there anything wrong with CIF generated BRO intel file or elsewhere ?
Oh, that’s not good. I actually thought at some point that I started stripping prefixes off of urls as they came in, but I may not have gotten that out anywhere.
International Computer Science Institute
(Bro) because everyone has a network
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150429/8ea711fc/attachment.bin
More information about the Bro