[Bro] Bro Intel framework - filter out
seth at icir.org
Mon Jan 19 07:19:51 PST 2015
> On Jan 18, 2015, at 6:31 PM, Mike Patterson <mike.patterson at uwaterloo.ca> wrote:
> There’s probably other, possibly even better, ways to do it, but this works for me.
FWIW, there is the exclude function in the packet filter framework.
PacketFilter::exclude(“ignore this stuff”, "net 10.0.0.1/24 or host 10.1.2.3”);
International Computer Science Institute
(Bro) because everyone has a network
More information about the Bro