[Bro] Bro Intel framework - filter out
andrew.ratcliffe at nswcsystems.co.uk
Mon Jan 19 09:00:04 PST 2015
Thanks, that’s really what I was looking for. I had seen the PacketFilter framework in the Bro documentation but when I look at the Bro docs it’s hard to figure out how to do stuff; I guess it’s me, I really need to find a good resource for learning the Bro language.
Andrew.Ratcliffe at NSWCSystems.co.uk
CISSP, GCIA, GCIH, GPEN, GWAPT, CSTA, CSTP
On 19 Jan 2015, at 15:19, Seth Hall <seth at icir.org> wrote:
On Jan 18, 2015, at 6:31 PM, Mike Patterson <mike.patterson at uwaterloo.ca> wrote:
There are probably other, possibly even better, ways to do it, but this works for me.
FWIW, there is the exclude function in the packet filter framework.
PacketFilter::exclude("ignore this stuff", "net 10.0.0.1/24 or host 10.1.2.3");
International Computer Science Institute
(Bro) because everyone has a network