[Bro] My first Bro Scripts
josh.guild at morphick.com
Thu May 26 10:33:41 PDT 2016

I wrote a few Bro scripts to cut my teeth on the language if you all would
like to check them out:

Network Visibility will allow you to confirm that the traffic that should
be flowing to your sensor actually is. You can populate what subnets you
should be seeing and it will dump a log to confirm if it sees a host in

RDP Layout just checks the keyboard_layout field in the rdp.log against a
whitelist (or you can make it a black list by changing the !in to in). Good
for monitoring for lateral movement or connections to your DMZ.

Comments/criticism are welcome! (I'm a network guy, not a programmer so...)

Network Intelligence Analyst
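
A sketch of the kind of keyboard_layout whitelist check the post describes for the RDP Layout script. This is an added example, not the scripts from the original post; the module name `RDPLayoutExample`, the notice type, and the sample layout string in the set are assumptions to adapt to your environment.

```bro
# Added example (not the author's script): raise a notice when an RDP
# session logs a keyboard layout that is not on the whitelist.
@load base/protocols/rdp
@load base/frameworks/notice

module RDPLayoutExample;    # hypothetical module name

export {
    redef enum Notice::Type += {
        ## An RDP client advertised a keyboard layout not in allowed_layouts.
        Unexpected_Keyboard_Layout
    };

    ## Layouts expected on this network. The entry below is a sample value;
    ## redef the set in local.bro to match the strings seen in your rdp.log.
    const allowed_layouts: set[string] = {
        "English - United States",
    } &redef;
}

event RDP::log_rdp(rec: RDP::Info)
    {
    # keyboard_layout is optional: it is only set when the client's
    # core data was parsed, so skip records that lack it.
    if ( ! rec?$keyboard_layout )
        return;

    # Whitelist test. Changing "!in" to "in" turns the set into a blacklist.
    if ( rec$keyboard_layout !in allowed_layouts )
        NOTICE([$note=Unexpected_Keyboard_Layout,
                $msg=fmt("RDP client %s used keyboard layout '%s'",
                         rec$id$orig_h, rec$keyboard_layout),
                $id=rec$id,
                $uid=rec$uid,
                # One notice per client/layout pair within the
                # suppression interval instead of one per session.
                $identifier=cat(rec$id$orig_h, rec$keyboard_layout)]);
    }
```

Hooking `RDP::log_rdp` means the check runs once per line written to rdp.log, so each notice carries the same `uid` as the log entry it refers to.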