[Bro] Bro Intel framework - filter out

Andrew Ratcliffe andrew.ratcliffe at nswcsystems.co.uk
Mon Jan 19 09:00:04 PST 2015


Thanks, that’s really what I was looking for. I had seen the PacketFilter framework in the Bro documentation but when I look at the Bro docs it’s hard to figure out how to do stuff; I guess it’s me, I really need to find a good resource for learning the Bro language.
Kind regards,
Andy
Andrew.Ratcliffe at NSWCSystems.co.uk
CISSP, GCIA, GCIH, GPEN, GWAPT, CSTA, CSTP
http://blog.infosecmatters.net/




On 19 Jan 2015, at 15:19, Seth Hall <seth at icir.org> wrote:


On Jan 18, 2015, at 6:31 PM, Mike Patterson <mike.patterson at uwaterloo.ca> wrote:

There’s probably other, possibly even better, ways to do it, but this works for me.

FWIW, there is the exclude function in the packet filter framework.

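event bro_init()
    {
    # First argument is an ID for this filter, second is a BPF expression.
    # The net address must have no host bits set, or libpcap rejects the filter.
    PacketFilter::exclude("ignore this stuff", "net 10.0.0.0/24 or host 10.1.2.3");
    }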

 .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
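
Added example (not part of the original thread, and not Bro's own code): a small Python pre-check for the BPF string handed to PacketFilter::exclude. libpcap refuses a "net" primitive whose address has bits set beyond the prefix length (for example 10.0.0.1/24), so the check flags that case and returns the corrected network. The function name and the sample filters are assumptions made for the illustration.

```python
import ipaddress
import re

# "net <addr>/<len>" and "host <addr>" are the primitives used in the thread's
# filter. Hostnames and bare "net 10" prefixes do not match and pass through.
PRIMITIVE = re.compile(r"\b(net|host)\s+([0-9A-Fa-f:.]+)(/\d+)?(?![\w./-])")


def lint_exclude_filter(expr):
    """Return (normalized_expr, problems) for a BPF exclude expression.

    Only net/host primitives are checked; operators, ports and
    parentheses are left exactly as written.
    """
    problems = []

    def check(m):
        kind, addr, plen = m.groups()
        try:
            if kind == "host":
                if plen:
                    problems.append(f"'{m.group(0)}': host takes one address")
                else:
                    ipaddress.ip_address(addr)  # raises on a bad address
                return m.group(0)
            if plen is None:
                return m.group(0)
            net = ipaddress.ip_network(addr + plen, strict=False)
        except ValueError as exc:
            problems.append(f"'{m.group(0)}': {exc}")
            return m.group(0)
        if ipaddress.ip_address(addr) != net.network_address:
            problems.append(f"'{m.group(0)}': host bits set, network is {net}")
        return f"net {net}"

    return PRIMITIVE.sub(check, expr), problems


# Constructed sample filters; the addresses are illustrative only.
SAMPLES = [
    "net 10.0.0.1/24 or host 10.1.2.3",
    "net 192.168.0.0/16 and not host 192.168.1.10",
    "host 10.1.2.300",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        fixed, issues = lint_exclude_filter(sample)
        print(f"{sample!r} -> {fixed!r}", *issues, sep="\n  problem: ")
```

Keep in mind when choosing the expression that traffic matching an exclude filter is dropped before Bro sees it, so it is missing from every log and analyzer, not only from Intel matching.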

