[Bro] Writing a Bro script to make an API call?

Jesse Bowling jessebowling at gmail.com
Sun Feb 24 19:08:32 PST 2013


Similar to how Bro implements the detect-MHR script, I'd like to do a
lookup against a REST API for hashes on executables... I can do it easily
enough in Python but... How can I do it in Bro?

I copied the detect-MHR as a template, but immediately ran into the
questions of "how do I make an http request with Bro?" and "Will that
request now end up in my http.logs?" and "Does Bro have native abilities to
deal with JSON objects in a reasonable way?" and "What happens if I'm
getting two lines in my response: a csv style line and a JSON "object"?"...

Obviously I have a lot to learn, and would appreciate any resources I could
be pointed to for doing so... :)

Cheers,

Jesse

-- 
Jesse Bowling