[Bro] vector array of string used as a pattern for matching

anthony kasza anthony.kasza at gmail.com
Thu Feb 27 11:56:27 PST 2014


You could use a set of patterns.

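# YourPatterns, DomainInQuestion and DoSomething are placeholders.
global foo: set[pattern] = YourPatterns;
for (each in foo)
{
  # "pattern in string" is true when the pattern matches anywhere in the string.
  if (each in DomainInQuestion)
    DoSomething;
}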

-AK
On Feb 27, 2014 11:44 AM, "Kellogg, Brian D (OLN)" <
bkellogg at dresser-rand.com> wrote:

>  I'm trying to create an array of domain names that I want to use as a
> pattern to search on.  I know the below is wrong; just looking for someone
> to educate me on how to do this in a Bro script if it can be done.  thanks
>
> global ignoreDomains: vector of string = vector("webex.com", "pwc.com",
>     "messagelabs.com", "akamaitechnologies.com");
>
>                 when (local dst = lookup_addr(c$id$resp_h))
>                         {
>                         if (/ignoreDomains$/ in dst)
>                                 return;
>                         }
>
> Thank you,
>
> *Brian Kellogg*
>
> Security Analyst; IT Governance, Risk, and Compliance
>
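
Added example, not part of the original thread and not code from the Bro project: one way to express the ignore list from the question as a single pattern. The choice of connection_established and the print statement are assumptions. Escaping the dots and anchoring on a label boundary keeps a name such as "notwebex.com" from being treated as ignored.

```bro
# Added example. The four domains are those from the question; the event
# handler and the print statement are assumptions made for illustration.
#
# Dots are escaped so "." is a literal dot, and (^|\.) forces the match to
# start at a label boundary:
#   "webex.com", "x.webex.com"                -> match (ignored)
#   "notwebex.com", "webex.com.example.net"   -> no match
const ignore_domains =
    /(^|\.)(webex\.com|pwc\.com|messagelabs\.com|akamaitechnologies\.com)$/ &redef;

event connection_established(c: connection)
    {
    # lookup_addr() is asynchronous, so it is called inside when().
    when ( local dst = lookup_addr(c$id$resp_h) )
        {
        # Patterns are case-sensitive; normalise the returned name first.
        local name = to_lower(dst);

        # "pattern in string" matches anywhere in the string; the anchors
        # inside the pattern turn it into a whole-label suffix test.
        if ( ignore_domains in name )
            return;

        print fmt("%s resolves to %s (not on the ignore list)", c$id$resp_h, name);
        }
    }
```

The name comes from a reverse lookup, which is controlled by whoever owns the address block, so a match here is a reason to reduce noise rather than proof of who operates the host.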