[Bro] Announcing an Unofficial Bro Script Repository
Justin Azoff
JAzoff at albany.edu
Fri Aug 10 10:54:27 PDT 2012
On Fri, Aug 10, 2012 at 12:37:58PM -0500, Martin Holste wrote:
> Nice! http-exe-bad-attributes.bro alone is worth checking out. Thanks!
I have a bunch of other ones that could be included(after some cleanups)
here:
https://github.com/justinazoff/bro_scripts/tree/2.0
active-hosts-metrics.bro
rogue-access-points.bro
log-external-dns.bro
are useful.
I want to update log-external-dns to cache the result of lookup_addr and
have another notice type/flag when it doesn't resolve. After running it
for a while I've found that external dns servers without PTR records are
almost always the really nasty ones.
--
-- Justin Azoff
-- Network Security & Performance Analyst
More information about the Bro
mailing list