[Bro] Using Bro to detect DNS lookups in given timeframe

Hille, Samson SHille at heartland.com
Wed Mar 18 09:32:16 PDT 2015

Does Bro have anything built-in for the following scenario:

  *   Detecting if a network device is looking up over 50 DNS entries in a 1 hour timeframe

Samson Hille
IT Security Analyst
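
The check asked about above, worked offline as an added example (not part of the original post and not Bro's own code): it reads Bro `dns.log` text and flags any client that resolves more than 50 distinct names within a sliding one-hour window. Counting distinct `query` values per `id.orig_h` is an assumed reading of "over 50 DNS entries"; the function names and the sample log are constructed for illustration.

```python
from collections import Counter, defaultdict, deque

THRESHOLD = 50     # "over 50 DNS entries"
WINDOW = 3600.0    # "1 hour timeframe", in seconds

def parse_dns_log(lines):
    """Yield (ts, client, query) from Bro dns.log text, using its #fields header."""
    fields = []
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rec = dict(zip(fields, line.split("\t")))
            query = rec.get("query", "-")
            if query not in ("-", "(empty)"):  # Bro's unset / empty markers
                yield float(rec["ts"]), rec["id.orig_h"], query.lower()

def hosts_over_threshold(records, threshold=THRESHOLD, window=WINDOW):
    """Map each offending client to (ts, distinct_names) at the moment it first
    exceeds `threshold` distinct names inside a sliding `window` of seconds."""
    recent = defaultdict(deque)   # client -> (ts, query) pairs still in the window
    names = defaultdict(Counter)  # client -> query -> lookups still in the window
    flagged = {}
    for ts, host, query in sorted(records):
        q, seen = recent[host], names[host]
        q.append((ts, query))
        seen[query] += 1
        while q[0][0] <= ts - window:  # expire lookups older than the window
            _, old = q.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        if len(seen) > threshold and host not in flagged:
            flagged[host] = (ts, len(seen))
    return flagged

def make_sample_log(base=1426696000):
    """Constructed dns.log excerpt (reduced column set, made-up hosts and names)."""
    out = ["#separator \\x09", "#fields\tts\tuid\tid.orig_h\tid.resp_h\tquery"]
    row = "{}.000000\tC{}\t{}\t10.0.0.1\t{}".format
    out.append(row(base, "x", "10.0.0.5", "-"))  # no query name: skipped
    for i in range(60):   # 60 distinct names in 10 minutes: should be flagged
        out.append(row(base + i * 10, i, "10.0.0.5", f"host{i}.example.com"))
    for i in range(200):  # 200 lookups of a single name: 1 distinct
        out.append(row(base + i, i, "10.0.0.6", "www.example.com"))
    for i in range(60):   # one new name every 2 minutes: 30 per hour at most
        out.append(row(base + i * 120, i, "10.0.0.7", f"site{i}.example.org"))
    return out

if __name__ == "__main__":
    for host, (ts, n) in hosts_over_threshold(parse_dns_log(make_sample_log())).items():
        print(f"{host} looked up {n} distinct names within an hour (at ts={ts})")
```

A client that repeats one name many times is not flagged under this reading; to count every lookup instead, compare `len(q)` rather than `len(seen)` against the threshold.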

