[Bro] software.log

[John Babio]

Here is what I have so far. It is working but I don’t know if it is written correctly.


@load base/frameworks/notice

@load base/frameworks/software


module OLD_JAVA;


module HTTP;


export {

        redef enum Notice::Type += {

                OLD_JAVA::Java_seen,

        };

}


event http_header(c: connection, is_orig: bool, name: string, value: string) &priority=2

        {


        if ( Software::found(c$id, [$unparsed_version="Java/1.7.0_40", $host=c$id$orig_h]));

                {

                NOTICE([$note=OLD_JAVA::Java_seen, $msg=fmt("Old Java Seen")]);

                }

        }