[Bro] A little more confusion with Intel
jlay at slave-tothe-box.net
Thu Jan 18 10:15:27 PST 2018
Ah....Ok thanks again Justin. Seth should I put in a feature request
for both TLD and UDP for the Intel framework? Thanks.
On 2018-01-18 11:13, Azoff, Justin S wrote:
>> On Jan 18, 2018, at 1:06 PM, James Lay <jlay at slave-tothe-box.net>
>> Here too, is there something I'm missing? In testing a different
>> packet captures using TCP, I get intel...so does the Intel framework
>> not support UDP? Thank you.
> The intel framework doesn't know anything about tcp or udp. The
> default scripts for connections only alert on tcp connections though:
> Justin Azoff
More information about the Bro