how to use Bro getting 41 features of a connect record

Vern Paxson vern at icir.org
Fri Dec 27 23:44:28 PST 2002


> http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
>   The author said Bro is modified to generate the 41 features. I
> would appreciate it if someone is kind enough to give me some hints how
> to do this. I am sure an event analyser and handler should be added to
> Bro, but where, how and when to invoke the event handler.

Presumably, yes, they wrote policy scripts, and perhaps also extended
the event engine.  But it seems you should ask the authors directly
to get the details.

		Vern


