[Bro] Signature example
Vito Logrillo
vitologrillo at gmail.com
Tue Jul 7 02:02:53 PDT 2015
Hi all,
i'm studying the signature framework using the example described in
https://www.bro.org/sphinx/frameworks/signatures.html
I've made two files
-----mysig.sig----
signature my-first-sig {
ip-proto == tcp
dst-port == 80
payload /.*root.*/
event "Found root!"
}
-------------------------
-------mysig.bro---
@load base/frameworks/signatures/main.bro
@load-sigs ./mysig.sig
------------------------
i've tested the script using this link
www.testmyids.com
but doesn't work.
What's wrong?
Thanks,
Vito
More information about the Bro
mailing list