[Bro] BRO signature

anthony kasza anthony.kasza at gmail.com
Fri May 22 09:34:43 PDT 2015


Place your signature in a file named "mysig.sig". Then create another file
called "myscript.bro". Within this file, use the @load-sigs directive to
load "mysig.sig". When you run Bro, be sure to tell Bro to include
"myscript.bro". You'll also need to write an event handler for when your
signature is matched.

See here: https://www.bro.org/sphinx-git/frameworks/signatures.html

-AK
On May 21, 2015 11:23 PM, "Anshu Sharma" <anshu.sh123 at gmail.com> wrote:

> Sir/Ma'am,
> I am new to Bro. I have installed 2.3.2. I want to create a signature
> framework. I have read the document provided on the Bro website, but I cannot
> understand how to execute it, i.e.
>
> signature my-first-sig {
>     ip-proto == tcp
>     dst-port == 80
>     payload /.*root/
>     event "Found root!"
> }
>
> I have taken this code from your site, but it is not running. Does it require additional coding?
>
> Please tell me what to do now.
>
> Thank you.
>
> Waiting for your early reply.
>
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
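
The steps from the reply above, written out as a complete "myscript.bro". This is an added example, not part of the original thread. The `MySig` module, the `Root_Seen` notice type, the 64-byte excerpt limit, `trace.pcap` and `eth0` are assumptions chosen for illustration.

```bro
# myscript.bro: added example; file names follow the reply above.
# Assumes mysig.sig (holding the my-first-sig signature from the question)
# sits in the same directory as this script.
@load base/frameworks/notice
@load-sigs ./mysig.sig

module MySig;

export {
    redef enum Notice::Type += {
        ## Hypothetical notice type raised when my-first-sig matches.
        Root_Seen
    };
}

# signature_match is raised for every signature whose "event" action fires.
# 'msg' is the string given after "event" in the signature ("Found root!").
event signature_match(state: signature_state, msg: string, data: string)
    {
    # Other loaded signatures raise this event too; only handle ours.
    if ( state$sig_id != "my-first-sig" )
        return;

    local c = state$conn;

    # 'data' is the payload that matched. Keep the logged excerpt bounded
    # (64 bytes is an arbitrary limit picked for this example).
    local excerpt = |data| > 64 ? sub_bytes(data, 1, 64) : data;

    print fmt("%s matched on %s:%s -> %s:%s (%s)",
              state$sig_id, c$id$orig_h, c$id$orig_p,
              c$id$resp_h, c$id$resp_p, msg);

    # Also record the match in notice.log so it is kept with the connection.
    NOTICE([$note=Root_Seen, $conn=c, $msg=msg, $sub=excerpt]);
    }

# Run against a capture (placeholder file name):   bro -r trace.pcap myscript.bro
# Or on a live interface (placeholder interface):  bro -i eth0 myscript.bro
```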