[Bro] SSH brute-force email notice

Loris Leiva loris.leiva at gmail.com
Tue Feb 28 14:22:48 PST 2017


That’s perfect! Thanks again for your help.

Loris

On 28 Feb 2017, 23:20 +0100, Seth Hall <seth at icir.org>, wrote:
>
> > On Feb 28, 2017, at 5:05 PM, Loris Leiva <loris.leiva at gmail.com> wrote:
> >
> > Do you know if there is a way for me to enable this feature with PCAP or an alternative? I would like to simulate a scenario using a big PCAP file for a presentation and it would be great if it could generate emails.
>
> If you don't mind modifying scripts, you can find the line here:
> https://github.com/bro/bro/blob/master/scripts/base/frameworks/notice/main.bro#L338
>
> If you get rid of that if statement it will work.
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170228/78ff9f4c/attachment.html 


More information about the Bro mailing list