[Bro] Exfil scripts

Rhette Wallach rmarsh at salesforce.com
Thu Jan 5 14:16:57 PST 2017

Hi All,

I'm relatively new to Bro and would like input if there are other
exfiltration detection scripts out there other than these two:



Any others?

Additionally, when I try to run the first script, I get a split string
error on this line:

local parts = split_string(key$str, /, /);

This is odd because my understanding is that the split_string function
should be built-in and part of base/bif/strings.bif.bro, and it's function
is defined here:  is a defined function as per here (

Any input on either of these questions would be appreciated.  Thanks!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170105/c6f8959e/attachment.html 

More information about the Bro mailing list