[Bro] SQL usage in Bro
Seth Hall
hall.692 at osu.edu
Mon Feb 15 11:25:00 PST 2010
On Feb 12, 2010, at 4:39 PM, Jim Mellander wrote:
> perhaps could be augmented with an event, ala
>
> global bad_urls: set[string] &query="SELECT url FROM bad_urls"
> &query_interval=1hour &query_event=update_badurls;
>
> which would then allow script-level access to the updating process.
In your example, when would the event attached to the &query_event
attribute be raised and what arguments would be passed into it?
> Perhaps we can work together on this?
That would be great. It sounds like you're working on the sort of
stuff I've been doing for a while where you're trying to take external
intelligence and use it to its full extent within Bro. I'm working
on an intelligence framework for integrating that sort of intelligence
now, would you be interested in reframing our discussion more in that
light since it appears that's what both of our goals are?
.Seth
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721