[Bro] Intel Framework Usage

Damon Rouse damonrouse at gmail.com
Mon Jun 9 11:14:24 PDT 2014


Hi Everyone

I'm still pretty new to BRO and have a couple of questions about the Intel
framework and how to use/leverage it.  I've looked through the docs and
have it loaded in my local.bro file.  I don't see an intel.log in my current
or my BRO archive logs (previous dates) directories.  Correct to assume
this means that there have been no hits to the Intel framework?

Secondly, is the Input framework the correct way to scan against intel data
I have internally or obtain from other sources?  If so, do these text files
need to be formatted a certain way like the pre-formatted feeds mentioned
in the docs (mal-dns2bro and CIF)?

Really appreciate the help...Thanks!
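[Editor's note, added example; this is not code from the original post or from the Bro project.]  The two questions above are both answered by how the Intel framework is wired to the Input framework: intel.log is only created when the first match is written, so no file means no hits, and indicators are supplied as tab-separated files named in Intel::read_files.  The local.bro fragment below loads the framework and points it at a locally maintained file; the path, file name, source labels and indicator values are constructed for the example.

```bro
# Added example (not from the original post or the Bro project).
# local.bro fragment: load the Intel framework scripts and register one
# locally maintained indicator file.  Path and file name are assumptions.

@load frameworks/intel/seen       # feeds observed addrs, domains, URLs, hashes... into the framework
@load frameworks/intel/do_notice  # raises Intel::Notice for items whose meta.do_notice is T

redef Intel::read_files += {
    "/opt/bro/share/bro/intel/local-indicators.dat",   # assumed path
};

# The file is read by the Input framework and must be TAB-separated (tabs,
# not spaces) with a #fields header.  indicator and indicator_type are
# required; meta.source is required; meta.desc, meta.url and meta.do_notice
# are optional.  Valid indicator_type values include Intel::ADDR,
# Intel::DOMAIN, Intel::URL, Intel::EMAIL, Intel::USER_NAME,
# Intel::FILE_HASH, Intel::FILE_NAME, Intel::CERT_HASH and Intel::SOFTWARE.
#
# Constructed contents of local-indicators.dat (<TAB> marks a real tab):
#
# #fields<TAB>indicator<TAB>indicator_type<TAB>meta.source<TAB>meta.desc<TAB>meta.do_notice
# 203.0.113.7<TAB>Intel::ADDR<TAB>internal-ir<TAB>scanner from a closed case<TAB>T
# bad.example.net<TAB>Intel::DOMAIN<TAB>internal-ir<TAB>suspected C2 domain<TAB>T
# http://bad.example.net/dl/a.exe<TAB>Intel::URL<TAB>osint-feed<TAB>dropper URL<TAB>F
# d41d8cd98f00b204e9800998ecf8427e<TAB>Intel::FILE_HASH<TAB>osint-feed<TAB>hash of the empty file, test only<TAB>F
```

Rows whose meta.do_notice is T produce a notice as well as an intel.log entry; rows with F are logged only.  The most common reason a hand-written file silently loads nothing is spaces instead of tabs between columns, so check the file with a tab-aware editor or `cat -A` before blaming the feed.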

