Getting matched substrings ???

Yohann Thomas yohann.thomas at rd.francetelecom.com
Tue Apr 6 07:38:33 PDT 2004


Hi !

I'm having a look at Bro and I'd like first to congratulate people 
involved in the project for this great work !!!

The concept of contextual signature language seems very interesting, but 
I'm having a little problem...In fact, I read in the paper "Bro: A 
System for Detecting Network Intruders in Real-Time" this phrase about 
REGEX implementation : "Second, we anticipate matching sets of patterns 
and wanting to know which subset were matched by a given set of 
text...". I thought I could get the matched substring by the signatures, 
but unfortunately I can't get out of it...

Is it possible to get these substrings in a policy script when a 
signature matches, or am I misunderstanding the quoted phrase ???

Thanks.

Yohann.






More information about the Bro mailing list