[Bro] Detecting Encryption
Seth Hall
seth at icir.org
Mon Aug 24 07:56:19 PDT 2015
> On Aug 24, 2015, at 10:51 AM, nhtvl <bmixonb1 at cs.unm.edu> wrote:
>
> OK thanks. So I would write my own broscripts to do connection and
> file entropy analysis then right?
These wouldn’t be written as scripts. Connection and file analyzers needs to be written as plugins or in the core. They are typically implemented in C++ or BinPAC.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the Bro
mailing list