[Bro] Bro + Yara File Scanning Module?

Seth Hall seth at icir.org
Fri Jul 25 08:09:03 PDT 2014


On Jul 25, 2014, at 10:54 AM, Seth Hall <seth at icir.org> wrote:

> On Jul 25, 2014, at 10:03 AM, Jason Batchelor <jxbatchelor at gmail.com> wrote:
> 
>> Interested if this is something that has been considered previously? If so, what were the results? If not, I'm happy to spin off an effort of my own. Either way I see it as a good project to get into Bro scripting at a deeper level.
> 
> I was working on this a while ago and got it working. :)

I forgot to mention one more point. It was pretty slow because of the internal architecture of Yara and I had started reworking a bit of Yara to fix the problem (compiling rule sets is slow and they mix rule match state with the compiled rule structure so you can't match multiple files concurrently with the same compiled rule set).

Is there anyone out there interested in taking on this rework and pushing it to completion? (you need to know C)

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/

