[Bro] BRO intel framework

Seth Hall seth at icir.org
Wed Apr 29 06:32:48 PDT 2015


> On Apr 29, 2015, at 7:42 AM, Giedrius Ramas <giedrius.ramas at gmail.com> wrote:
> 
> One more thing I need to clarify. I see in bro intel data file (generated by CIF)  Intel::URL   url's have a prefix http:// . However when I visit these URLs  BRO Intel do not trigger. I tried to remove prefix http:// from url's in BRO intel file and BRO Intel works well then. So is there anything wrong with CIF generated BRO intel file or elsewhere ?

Oh, that’s not good.  I actually thought at some point that I started stripping prefixes off of urls as they came in, but I may not have gotten that out anywhere.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150429/8ea711fc/attachment.bin 


More information about the Bro mailing list