[Bro] event handler in beo

Michel Laterman mlaterma at ucalgary.ca
Mon May 25 12:28:32 PDT 2015

Hello Anshu,

When your signature is matched by a script it raises a signature_match event, as described here:

For a very simple example of this event matching to a specific signature see:

I have just modified the example signature provided in:
to look for the string "youtube" instead of "root" (anywhere in the payload), this way you can run it on the provided http.pcap file to get a match.

Hope that helps,

From: bro-bounces at bro.org <bro-bounces at bro.org> on behalf of Anshu Sharma <anshu.sh123 at gmail.com>
Sent: May 25, 2015 12:26 AM
To: bro
Subject: [Bro] event handler in beo

i need to write an event handler for when my signature is matched .
can anyone tell me how to do?
Bro mailing list
bro at bro-ids.org

More information about the Bro mailing list