[Bro] Multiple Intel framework hits for same connection?
Aaron Gee-Clough
lists at g-clef.net
Tue Sep 30 13:59:35 PDT 2014
No worries. That's fixed it. I'm seeing hits for certs when I change to
use FILE_HASH.
Thanks for your help.
aaron
On 09/30/2014 04:46 PM, Seth Hall wrote:
>
>
> On Sep 30, 2014, at 4:39 PM, Aaron Gee-Clough <lists at g-clef.net>
> wrote:
>
>> If they did get implemented, then I'm not sure what I'm doing
>> wrong...I just can't get bro to fire for SSL cert hashes. I'm
>> running bro 2.3.1 (just updated today), if that makes any
>> difference.
>
> Sorry, that's my mistake. I never actually implemented a script that
> used CERT_HASH. Just make those FILE_HASH instead. That's more
> proper anyway now that certs are handled as files.
>
> .Seth
>
> -- Seth Hall International Computer Science Institute (Bro) because
> everyone has a network http://www.bro.org/
>
More information about the Bro
mailing list