[Bro] Blacklist querying using Bro script

Robin Sommer robin at icir.org
Wed Mar 28 08:07:39 PDT 2012


On Wed, Mar 28, 2012 at 16:24 +0500, Sheharbano Khattak wrote:

> Can I do this using Bro Script? If not, how do I go about doing this?

Sounds like there are two parts to this: (1)
downloading/organizing/maintaining the information, and (2) then
getting it into Bro. The former might be best done outside of Bro with
something like CIF (as Martin wrote) or even just some simple shell
scripts. For the latter, we're working on much better support than is
currently available: the next version will have a new input framework
that can read and parse files dynamically at runtime (including
dynamic updates) and map the content into tables or events. It also
supports querying other sources like a DB or doing external queries.

There's a working prototype in git if you want to give it a try:
branch topic/bernhard/input-threads. Feel free to send questions and
feedback to the development list, we're still working on finalizing
the specifics.

Robin

-- 
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL    * Fax   +1 (510) 666-2956 *   www.icir.org
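
Part (1) of the reply above, sketched as a shell script: an added example, not from the original message or the Bro project, that normalizes a raw IP feed into a tab-separated table and replaces the table atomically so a reader that re-reads the file at runtime never sees a partial write. The `#fields` header assumes the layout of Bro's ASCII input reader (the prototype branch may differ); the feed format, column names and function names are hypothetical.

```shell
#!/bin/sh
# Added example: feed layout, column names and function names are assumptions.

# normalize_blacklist SOURCE_NAME < raw_feed > table
# Drops comments and blanks, keeps valid IPv4 addresses only, de-duplicates.
normalize_blacklist() {
    printf '#fields\tip\tsource\n'
    sed -e 's/[#;].*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]].*$//' |
    awk -v src="$1" '
        function valid(ip,    n, o, i) {
            n = split(ip, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++) {
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3) return 0
                if (o[i] + 0 > 255) return 0
            }
            return 1
        }
        $0 != "" && valid($0) && !seen[$0]++ { printf "%s\t%s\n", $0, src }
    '
}

# update_table RAW_FEED TABLE_FILE SOURCE_NAME
# Builds the new table in a temp file next to the target, then renames it
# over the old one; rename within one directory is atomic for readers.
update_table() {
    raw="$1"; out="$2"; tmp="$out.tmp.$$"
    normalize_blacklist "$3" < "$raw" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Refuse to replace a good table with an empty one (header line only),
    # e.g. after a failed or truncated download.
    lines=$(awk 'END { print NR }' "$tmp")
    if [ "$lines" -le 1 ]; then rm -f "$tmp"; return 1; fi
    mv -f "$tmp" "$out"
}

# Constructed sample feed (documentation addresses); prints the table.
demo() {
    normalize_blacklist demo-feed <<'EOF'
# constructed sample feed
192.0.2.10
192.0.2.10   ; duplicate entry
  198.51.100.7  # trailing comment
999.1.1.1
EOF
}
```
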
