[Bro] new to bro, a few questions
anthony.kasza at gmail.com
Sun Feb 5 14:03:55 PST 2017
You may want to look at Bro's "bare mode". It starts Bro without many of
On Feb 4, 2017 8:23 PM, "John Brown (isFaster)" <john at isfaster.com> wrote:
> Hi, I'm new to Bro and I'm wondering how I can do a couple of things:
> 1. I'd like to basically disable all of the various rules and detection
> 2. I'd like to create a simple rule that detects, say, DNS packets with
> cpsc.gov in the query or answer
> Figure it would be best to start simple and then build up rules (either my
> own, or others) as I need them. Sort of a K&R "Hello World" approach.
> Any specifics would be much appreciated.
> Thank you
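An added example, not part of the original thread: a minimal Bro script that combines the two requests above, running in bare mode and flagging DNS queries or answers for cpsc.gov. It assumes Bro 2.5-era script syntax; the file name `detect-domain.bro`, the module name, and `sample.pcap` are hypothetical.

```bro
# detect-domain.bro (hypothetical file name; added example, not from the thread)
# Run in bare mode against a capture:  bro -b -r sample.pcap detect-domain.bro
# (sample.pcap is a placeholder for your own capture)

# Bare mode skips the default protocol scripts, so load the DNS base scripts
# explicitly; they register the DNS analyzer for its well-known ports.
@load base/protocols/dns

module DetectDomain;

export {
	## Names to flag: the domain itself and any subdomain of it.
	## Compared with ==, so the pattern must match the whole name.
	const watched = /(.*\.)?cpsc\.gov/ &redef;
}

# Print one line per hit; swap this for a notice or a log stream later.
function flag_name(c: connection, what: string, name: string)
	{
	print fmt("%s %s client=%s server=%s name=%s",
	          network_time(), what, c$id$orig_h, c$id$resp_h, name);
	}

# Fires for every DNS question seen on the wire.
event dns_request(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count)
	{
	if ( watched == to_lower(query) )
		flag_name(c, "query", query);
	}

# Answer records: ans$query is the name the record answers.
event dns_A_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr)
	{
	if ( watched == to_lower(ans$query) )
		flag_name(c, "A answer", ans$query);
	}

event dns_AAAA_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr)
	{
	if ( watched == to_lower(ans$query) )
		flag_name(c, "AAAA answer", ans$query);
	}

# A CNAME can point at the watched domain even when the queried name does not.
event dns_CNAME_reply(c: connection, msg: dns_msg, ans: dns_answer, name: string)
	{
	if ( watched == to_lower(ans$query) || watched == to_lower(name) )
		flag_name(c, "CNAME answer", name);
	}
```

Because the pattern is compared with `==`, a name such as `notcpsc.gov` or `cpsc.gov.example.com` is not flagged.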