[Bro] Using Bro to detect DNS lookups in given timeframe
SHille at heartland.com
Wed Mar 18 09:28:09 PDT 2015
Does Bro have anything built-in for the following scenario:
· Detecting if a network device is looking up over 50 DNS entries in a 1 hour timeframe
IT Security Analyst
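The scenario in the question maps onto Bro's SumStats framework. The script below is an added example, not part of the original post; the module name, notice type, stream name and the reading of "DNS entries" as distinct query names are assumptions made here.

```bro
@load base/frameworks/sumstats
@load base/frameworks/notice

module DNSLookupRate;   # hypothetical module name

export {
    redef enum Notice::Type += {
        ## Raised once per host and epoch when the threshold is crossed.
        Excessive_Lookups
    };

    ## The threshold fires at >=, so 51 expresses "over 50".
    const lookup_threshold: double = 51.0 &redef;
    ## Measurement window from the question.
    const lookup_interval: interval = 1hr &redef;
}

event bro_init()
    {
    # UNIQUE counts distinct query strings; use SumStats::SUM with $num=1
    # in the observation instead to count every request.
    local r1 = SumStats::Reducer($stream="dns.lookup", $apply=set(SumStats::UNIQUE));

    SumStats::create([$name="dns-lookup-rate",
                      $epoch=lookup_interval,
                      $reducers=set(r1),
                      $threshold_val(key: SumStats::Key, result: SumStats::Result) =
                          {
                          return result["dns.lookup"]$unique + 0.0;
                          },
                      $threshold=lookup_threshold,
                      $threshold_crossed(key: SumStats::Key, result: SumStats::Result) =
                          {
                          NOTICE([$note=Excessive_Lookups,
                                  $src=key$host,
                                  $msg=fmt("%s looked up %d distinct DNS names within %s",
                                           key$host, result["dns.lookup"]$unique, lookup_interval),
                                  $identifier=cat(key$host)]);
                          }]);
    }

event dns_request(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count)
    {
    # Key the measurement on the client address; skip empty queries.
    if ( query != "" )
        SumStats::observe("dns.lookup", [$host=c$id$orig_h], [$str=query]);
    }
```

SumStats epochs are fixed windows that reset every hour rather than a sliding window, so a burst split across an epoch boundary can stay under the threshold. Internal resolvers and mail servers will cross it routinely and usually need to be excluded by address.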