[Bro] Yara analyser
BabbitMail
babbitmail at gmail.com
Tue Dec 9 01:38:09 PST 2014
Hi all,
This is not really a question, more just to see if anybody had any strong opinions, or good suggestions about how to integrate yara into bro. I read something on this mailing list about integrating bro with yara, and hadn’t seen anything since, so I’ve developed a yara analyser for bro.
https://github.com/hempnall/broyara <https://github.com/hempnall/broyara>.
The code seems to work well for small pcaps - but I wondered about memory exhaustion using std::ostringstream to store files in larger deployments. I just wondered whether this was something that you might consider including in the bro source - I’d be happy to tidy it up if there was enough enthusiasm.
This only took me about three hours (thanks to Bro’s extensibility and Yara’s excellent docs).
Regards
James
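One way to bound the buffering the post worries about, as an added illustration that is not code from broyara or Bro: a per-file cap plus a shared budget across all files in flight, with a truncated flag so a capped file is reported as partially scanned rather than clean. The class and method names here are assumptions, not Bro's file-analyzer API; a real analyzer would receive the chunks from its stream-delivery callback and hand the finished buffer to libyara's yr_rules_scan_mem.

```cpp
#include <algorithm>
#include <cstddef>
#include <string>

// Shared accounting for bytes currently held by all file buffers in the
// process; a single counter standing in for whatever a deployment would use.
struct MemoryBudget {
    std::size_t limit;
    std::size_t in_use = 0;
    explicit MemoryBudget(std::size_t l) : limit(l) {}
    std::size_t available() const { return limit - in_use; }
    void reserve(std::size_t n) { in_use += n; }
    void release(std::size_t n) { in_use -= n; }
};

// Accumulates one file's bytes for a whole-file scan, replacing an unbounded
// std::ostringstream. Bytes beyond the per-file cap or the shared budget are
// dropped, and the file is marked truncated so the scan result is not
// mistaken for a verdict on the complete file.
class BoundedFileBuffer {
public:
    BoundedFileBuffer(MemoryBudget& budget, std::size_t per_file_cap)
        : budget_(budget), cap_(per_file_cap) {}
    ~BoundedFileBuffer() { budget_.release(buf_.size()); }

    // deliver() plays the role of the analyzer's stream callback (hypothetical
    // name). Returns false once anything had to be dropped.
    bool deliver(const char* data, std::size_t len) {
        if (truncated_) return false;
        std::size_t room = std::min(cap_ - buf_.size(), budget_.available());
        std::size_t take = std::min(len, room);
        budget_.reserve(take);
        buf_.append(data, take);
        if (take < len) truncated_ = true;  // remainder dropped, scan is partial
        return !truncated_;
    }

    // At end-of-file, data()/size() are what would go to yr_rules_scan_mem.
    const std::string& data() const { return buf_; }
    std::size_t size() const { return buf_.size(); }
    bool truncated() const { return truncated_; }

private:
    MemoryBudget& budget_;
    std::size_t cap_;
    std::string buf_;
    bool truncated_ = false;
};
```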