[Bro] [bro] intel framework

anthony kasza anthony.kasza at gmail.com
Sun Jul 17 17:42:29 PDT 2016

This should work:


The Intel framework works on a plugin system. You should be able to add
some protocol fields by writing a new script if what you need isn't
already there.


On Jul 17, 2016 7:19 PM, "Tim Desrochers" <tgdesrochers at gmail.com> wrote:

> Is there a way to use the intel framework to alert on something like this
> /templates/nivoslider/loading.php
> I don't care about the domain I just care about the URI.  The adversary
> keeps using DGA domains but the rest stays the same.
> I read the intel framework section online and I don't see anything that
> appears it would match this type of intel.
> Thanks
> Tim
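Added example, not part of the original message and not a script shipped with Bro: one way to write the kind of plugin script the reply describes, so the Intel framework matches on the URI path alone, whatever the Host header is. The names `Intel::URI_PATH` and `HTTP::IN_URI_PATH`, the intel file location and the `meta.source` value are assumptions made for this sketch.

```bro
# uri-path-intel.bro (hypothetical file name)
@load base/frameworks/intel
@load base/protocols/http

export {
	# New indicator type and "seen" location, both defined only by this
	# script (assumed names, not part of the stock Intel framework).
	redef enum Intel::Type += { Intel::URI_PATH };
	redef enum Intel::Where += { HTTP::IN_URI_PATH };
}

# Placeholder path to a tab-separated intel file such as (constructed sample):
#
# #fields	indicator	indicator_type	meta.source	meta.desc
# /templates/nivoslider/loading.php	Intel::URI_PATH	local-example	path reused across DGA domains
redef Intel::read_files += { "/path/to/uri-paths.intel" };

event http_request(c: connection, method: string, original_URI: string,
                   unescaped_URI: string, version: string)
	{
	# Intel lookups are set-membership tests on the indicator string, so
	# drop the query string and hand over only the path component.
	local path = split_string1(unescaped_URI, /\?/)[0];

	if ( path == "" )
		return;

	# The Host header is never consulted, so rotating DGA domains
	# do not affect the match.
	Intel::seen([$indicator=path,
	             $indicator_type=Intel::URI_PATH,
	             $conn=c,
	             $where=HTTP::IN_URI_PATH]);
	}
```

Hits are written to intel.log like any other indicator type. Because the path is compared as a whole string, a variant with extra path segments or a different file name needs its own line in the intel file.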