[Bro-Dev] [JIRA] (BIT-1167) Add subnet support to intel framework

Brian Little (JIRA) jira at bro-tracker.atlassian.net
Tue Mar 25 08:25:39 PDT 2014


Brian Little created BIT-1167:
---------------------------------

             Summary: Add subnet support to intel framework
                 Key: BIT-1167
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1167
             Project: Bro Issue Tracker
          Issue Type: Patch
          Components: Bro
    Affects Versions: 2.2
            Reporter: Brian Little
            Priority: Low
         Attachments: bro-intel-subnet.patch

Here is a patch to add Intel::NET data as a type to search on. This allows adding whole subnets to the intel data rather than just individual addresses.

I have also updated the btest.

I'm not sure if the lookup is the best way of doing it - currently if loops through each subnet and then checks if the host is part of each. Is it possible to do it in a more efficient way?



--
This message was sent by Atlassian JIRA
(v6.2-OD-10-004-WN#6253)


More information about the bro-dev mailing list