[Bro] Bro --> Google Safe Browsing API?
Seth Hall
seth at icir.org
Wed Mar 25 10:42:21 PDT 2015
> On Mar 25, 2015, at 9:57 AM, Vlad Grigorescu <vlad at grigorescu.org> wrote:
>
> Essentially the issue is that there needs to be a piece between Bro and the API, which is handling downloading/updating the prefixsets, and ensuring that the request frequency is observed. It'd be interesting, but Bro integration with v3 is a difficult task.
Yeah, I agree. Google has been moving the service toward needing more frequent touches with them to get an accurate picture of matches against their list. This works perfectly fine for desktops that might see a maximum of 1000 URLs being requested per hour or something, but on a Bro cluster, there could be thousands per second.
I had an implementation of the v1 of that API running with Bro years ago, but even that didn’t work well enough that I could ever distribute it.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the Bro
mailing list