[Bro] Bro + Yara File Scanning Module?

Seth Hall seth at icir.org
Fri Jul 25 07:54:27 PDT 2014


On Jul 25, 2014, at 10:03 AM, Jason Batchelor <jxbatchelor at gmail.com> wrote:

> Interested if this is something that has been considered previously? If so, what were the results? If not, I'm happy to spin off an effort of my own. Either way I see it as a good project to get into Bro scripting at a deeper level.

I was working on this a while ago and got it working. :)

Unfortunately, it required some changes to Yara itself to add an incremental analysis API, which I need to update because the Yara developers have been making changes in the areas where I had to make changes. I've been thinking of coming back around to that code to get it cleaned up and contributed back to the Yara developers so that we could easily have a Yara analyzer in Bro.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/


