[Bro] Reviewing old logs with new scripts?

norton.perry at gmail.com
Wed Jul 8 04:54:46 PDT 2015


Hey all,
Apologies if this is not the place to ask this, but I've got intel feeds
working (criticalstack) for the past few days and was wondering if it is
possible to interrogate existing logs with the new intel using bro-cut (I
have months' worth where there was a clear breach due to network
misconfiguration)?
I guess it is possible, but it would require more of a shell-based diff or
something? I know you can replay packet dumps, but it would appear not logs?

Also, I haven't seen this mentioned anywhere: with bro-cut, what globbing /
regular expression options are there? e.g. ![].

Thanx Pel
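One way to run new intel over old logs without replaying traffic is to match the intel file directly against the TSV logs. The following is an added example (not from the original post or from the Bro project) that reads a Bro intel-framework file and a dns.log excerpt and reports every record touching an indicator; the sample intel and log lines are constructed, and the field names (`id.orig_h`, `id.resp_h`, `query`) follow the stock dns.log layout.

```python
"""Retro-match a Bro intel file against an existing Bro TSV log."""


def parse_intel(text):
    """Map Intel::ADDR / Intel::DOMAIN indicators to their meta.source."""
    hits = {"Intel::ADDR": {}, "Intel::DOMAIN": {}}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        indicator, itype, source = line.split("\t")[:3]
        if itype in hits:  # domains are compared case-insensitively
            hits[itype][indicator.lower()] = source
    return hits


def parse_bro_log(text):
    """Yield one dict per record, keyed by the names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))


def find_intel_hits(log_text, intel_text, addr_fields=("id.orig_h", "id.resp_h"),
                    domain_fields=("query",)):
    """Return (ts, uid, field, value, source) for each record that hits an indicator."""
    intel = parse_intel(intel_text)
    matches = []
    for rec in parse_bro_log(log_text):
        for f in addr_fields:  # unset fields are "-" and never match
            src = intel["Intel::ADDR"].get(rec.get(f, "-"))
            if src:
                matches.append((rec["ts"], rec["uid"], f, rec[f], src))
        for f in domain_fields:
            src = intel["Intel::DOMAIN"].get(rec.get(f, "-").lower())
            if src:
                matches.append((rec["ts"], rec["uid"], f, rec[f], src))
    return matches


INTEL = "\n".join([  # constructed sample in Bro intel-framework format
    "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc",
    "198.51.100.7\tIntel::ADDR\texample-feed\tconstructed C2 address",
    "bad.example.net\tIntel::DOMAIN\texample-feed\tconstructed C2 domain",
])
DNS_LOG = "\n".join([  # constructed dns.log excerpt, stock field order trimmed
    "#separator \\x09",
    "#path\tdns",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tquery",
    "1436337286.1\tCabc1\t10.0.0.5\t51234\t10.0.0.1\t53\tBAD.example.net",
    "1436337290.4\tCabc2\t10.0.0.5\t51235\t198.51.100.7\t53\twww.example.org",
    "1436337295.9\tCabc3\t10.0.0.9\t51236\t10.0.0.1\t53\tgood.example.com",
])

if __name__ == "__main__":
    for hit in find_intel_hits(DNS_LOG, INTEL):
        print("\t".join(hit))
```

Pointing `find_intel_hits` at an archived `dns.log` and the current intel file gives the retrospective check asked about above; other log types only need their address and domain field names passed in.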