[Bro] vector array of string used as a pattern for matching

Kellogg, Brian D (OLN) bkellogg at dresser-rand.com
Thu Feb 27 11:23:25 PST 2014


I'm trying to create an array of domain names that I want to use as a pattern to search on. I know the below is wrong; just looking for someone to educate me on how to do this in a Bro script if it can be done. Thanks.

global ignoreDomains: vector of string = vector("webex.com", "pwc.com", "messagelabs.com","akamaitechnologies.com");

                when (local dst = lookup_addr(c$id$resp_h))
                        {
                        if (/ignoreDomains$/ in dst)
                                return;
                        }


Thank you,
Brian Kellogg
Security Analyst; IT Governance, Risk, and Compliance
500 Paul Clark Drive, Olean,  NY 14760
T: (716) 375-3186 | F: (716) 375-3557
www.dresser-rand.com     NYSE: DRC

Bringing energy and the environment into harmony(r)
IMPORTANT NOTICE:
This email may be confidential, may be legally privileged, and is for the intended recipient only. Unauthorized access, disclosure, copying, distribution, or reliance on any of it by anyone else is prohibited and may be a criminal offense. Please delete if obtained in error and email confirmation to the sender.
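
One way to do what the post asks, shown as an added example that is not part of the original message: Bro matches a `pattern` value against a string, not a vector of strings, so the domain list is written as one pattern. The event handler, the `print` line and the name `ignore_domains` are assumptions made for illustration.

```bro
# Added example, not code from the original post.
# ignore_domains and the choice of connection_established are illustrative.

# One pattern in place of the vector of strings. Dots are escaped so they
# match literally, and the optional "(.*\.)?" prefix admits subdomains on a
# label boundary only.
const ignore_domains =
    /(.*\.)?(webex\.com|pwc\.com|messagelabs\.com|akamaitechnologies\.com)/;

event connection_established(c: connection)
    {
    when ( local dst = lookup_addr(c$id$resp_h) )
        {
        # "pattern == string" is an exact match: the whole name has to fit
        # the pattern, so "notwebex.com" and "webex.com.example.net" are
        # not ignored. "pattern in string" would match anywhere in the name.
        #
        # dst comes from a PTR record, which is set by whoever runs the
        # reverse zone for that address, so a match is a hint about the
        # host and not proof of who operates it.
        if ( ignore_domains == dst )
            return;

        print fmt("%s resolves to %s (not on the ignore list)",
                  c$id$resp_h, dst);
        }
    }
```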
