[Bro] new to bro, a few questions
John Brown (isFaster)
john at isfaster.com
Sat Feb 4 19:20:34 PST 2017
Hi, I'm new to Bro and I'm wondering how I can do a couple of things:
1. I'd like to basically disable all of the various rules and detection
2. I'd like to create a simple rule that detects, say, DNS packets with
cpsc.gov in the query or answer
Figure it would be best to start simple and then build up rules (either my
own, or others) as I need them. Sort of a K&R "Hello World" approach.
Any specifics would be much appreciated.