[Bro] Bro --> Google Safe Browsing API?

Hosom, Stephen M hosom at battelle.org
Wed Mar 25 06:13:30 PDT 2015

I was actually looking at this yesterday, however, because of the way that Google implements the API, this is non-trivial and would not really be something that I would feel comfortable using the current active http function(s) for. Basically, the API has requirements that you implement their rate limiting at the client level... so under certain conditions, Google could tell you 'Do not query again for another hour' and you're supposed to play along with their request. 

Rumor has it that someone is working on the active http module, so, I haven't looked into doing any of that myself. I'd love to take on Safe Browsing integration though. Maybe I'll just look into making Safe Browsing its own full blown plugin? Querying safe-browsing for at least the links that I parse from emails would be extremely desirable from my perspective.

If you want to talk about it, feel free to ping me on IRC, since I'm always logged in during the day anyway, or, we can just keep the discussion on the mailing list so everyone can feel free to chime in. 

-----Original Message-----
From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of Doug Burks
Sent: Wednesday, March 25, 2015 8:53 AM
To: <bro at bro.org>
Subject: [Bro] Bro --> Google Safe Browsing API?

Hello all,

Has anybody developed a script to have Bro query the Google Safe Browsing API?




Doug Burks
Need Security Onion Training or Commercial Support?
Bro mailing list
bro at bro-ids.org

More information about the Bro mailing list