[Bro] Question on Notices
Damon Rouse
damonrouse at gmail.com
Thu May 22 09:49:48 PDT 2014
Hi
I've been playing with notice alerts and was wondering if it's possible to
get the alert below to show the unique hosts that it scanned. If not
possible via an alert, what would be the best way in Bro to find these
hosts? Thanks!
[Bro] Scan::Address_Scan
Message: 192.168.xxx.xxx scanned at least 27 unique hosts on port 80/tcp in
1m56s
Sub-message: local
Address: 192.168.xxx.xxx
Email Extensions
----------------
orig/src hostname: xxxxxxxxxxxxxxx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140522/4f99d7a8/attachment.html
More information about the Bro
mailing list