[Bro] bro 2.5. How to get meta fields on intel.log

Giedrius Ramas giedrius.ramas at gmail.com
Thu Feb 23 06:34:55 PST 2017


Thanks, Jan.
Got it working.

On Thu, Feb 23, 2017 at 3:12 PM, Jan Grashöfer <jan.grashoefer at gmail.com>
wrote:

> Hi,
>
> > How can we get those Bro extensions for Bro 2.4 working on Bro 2.5?
> > Currently I get errors:
> > ...
> > line 20: Duplicate identifier documentation: Intel::extend_match
>
> the intel framework has been reworked for 2.5 and includes a similar
> extension mechanism (a hook instead of an event). The following blog
> entry goes into details:
> http://blog.bro.org/2016/12/the-intelligence-framework-update.html
>
> > Or the question is how to get meta fields on bro intel.log?
>
> You can use the extension mechanisms included but keep in mind that each
> hit might be associated with multiple indicators and each indicator
> might be associated with multiple meta data records.
>
> Jan
>
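
The hook-based extension described in the reply above, as an added example that is not part of the original thread: it copies the optional `desc` and `url` meta fields into intel.log on Bro 2.5. The column names `descs` and `urls` are chosen here, and both are sets because one hit can match several indicators, each with several metadata records.

```bro
# Added example, not code from the thread or from the Bro project.
# Assumes the Bro 2.5 intel framework (Intel::extend_match is a hook).
@load base/frameworks/intel

redef record Intel::Info += {
	## Descriptions of every metadata record behind this hit
	## (field name chosen for this example).
	descs: set[string] &log &default=string_set();
	## Reference URLs of every metadata record behind this hit
	## (field name chosen for this example).
	urls: set[string] &log &default=string_set();
};

# Runs once per hit, before the framework writes the intel.log entry.
# "items" holds one Intel::Item per matching indicator/metadata pair,
# so the loop collects values instead of assuming a single record.
hook Intel::extend_match(info: Intel::Info, s: Intel::Seen,
                         items: set[Intel::Item])
	{
	for ( item in items )
		{
		if ( item$meta?$desc )
			add info$descs[item$meta$desc];

		if ( item$meta?$url )
			add info$urls[item$meta$url];
		}
	}
```

The values come from the `meta.desc` and `meta.url` columns of the intel file; a record that leaves them unset (`-`) contributes nothing to the sets.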

