[Bro] Python file to build and modify Intel files

Kellogg, Brian D (OLN) bkellogg at dresser-rand.com
Sat Aug 23 21:18:47 PDT 2014


I created this Python script so that I wouldn't have to modify our custom intel files by hand.  I've only really used the add and remove IP portions of the script, but all of the other intel options are present.  It can work on existing intel files or create new ones.

This is written around the SecurityOnion installation of Bro so you will have to change a variable or two to get it to work if Bro is installed in another directory.

Sharing in case anyone else finds use in it.

The adding and removing of IPs may not be to everyone's liking.  I thought of using subnetting to do this, but I find that the most IPs I add to an intel file at one time is a /24 and that is rare.  Usually it is one or just a couple that get added in my experience.

I haven't added validation for other types of intel additions yet, just IPs.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: modIntel.txt
Url: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140824/8ec57da5/attachment.txt 
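
Added example, not the attached modIntel script and not code from the post: a minimal sketch of adding and removing validated IP indicators in a Bro intel file, creating the file if it does not exist. The default column set, the function names, and the assumption that the indicator is the first column are illustrative choices, not taken from the post.

```python
import ipaddress
from pathlib import Path

# Tab-separated header used by the Bro intel framework; "-" marks an unset field.
DEFAULT_HEADER = "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc"

def load(path):
    """Return (header, {indicator: raw_line}); a missing file gives a new, empty one."""
    header, rows = DEFAULT_HEADER, {}
    p = Path(path)
    if p.exists():
        for line in p.read_text().splitlines():
            if line.startswith("#fields"):
                header = line
            elif line and not line.startswith("#"):
                rows[line.split("\t")[0]] = line  # assumes indicator is column 1
    return header, rows

def save(path, header, rows):
    lines = [header] + [rows[k] for k in sorted(rows)]
    Path(path).write_text("\n".join(lines) + "\n")

def normalize_ip(text):
    """Validate one IPv4/IPv6 address and return its canonical form (ValueError on junk)."""
    return str(ipaddress.ip_address(text.strip()))

def add_ip(path, ip, source, desc="-"):
    """Add or update one Intel::ADDR entry; returns True if the address was new."""
    ip = normalize_ip(ip)
    if any(c in v for v in (source, desc) for c in "\t\n"):
        raise ValueError("tab or newline in metadata would corrupt the file")
    header, rows = load(path)
    values = {"indicator": ip, "indicator_type": "Intel::ADDR",
              "meta.source": source, "meta.desc": desc}
    # Fill columns in the order the file's own header declares them.
    row = "\t".join(values.get(f, "-") for f in header.split("\t")[1:])
    is_new = ip not in rows
    rows[ip] = row
    save(path, header, rows)
    return is_new

def remove_ip(path, ip):
    """Remove one address; returns True if it was present."""
    header, rows = load(path)
    removed = rows.pop(normalize_ip(ip), None) is not None
    if removed:
        save(path, header, rows)
    return removed
```

Validation runs before the file is touched, so a malformed address leaves the existing intel file unchanged. Comment lines other than `#fields` are not written back.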