[Bro] event handler in beo
Michel Laterman
mlaterma at ucalgary.ca
Mon May 25 12:28:32 PDT 2015
Hello Anshu,
When your signature is matched by a script it raises a signature_match event, as described here:
https://www.bro.org/sphinx-git/scripts/base/bif/event.bif.bro.html#id-signature_match
For a very simple example of this event matching to a specific signature see:
http://try.bro.org/#/trybro/saved/8104
I have just modified the example signature provided in:
https://www.bro.org/sphinx-git/frameworks/signatures.html
to look for the string "youtube" instead of "root" (anywhere in the payload); this way you can run it on the provided http.pcap file to get a match.
Hope that helps,
Michel
________________________________________
From: bro-bounces at bro.org <bro-bounces at bro.org> on behalf of Anshu Sharma <anshu.sh123 at gmail.com>
Sent: May 25, 2015 12:26 AM
To: bro
Subject: [Bro] event handler in beo
Sir/Ma'am,
I need to write an event handler for when my signature is matched.
Can anyone tell me how to do this?
thanks
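
The approach described in the reply above, written out as an added example (not code from the thread or from the linked try.bro.org page). The file names `youtube.sig` and `handler.bro` are assumptions, and the signature is the documentation's `my-first-sig` with the pattern and message changed to "youtube".

```bro
# handler.bro -- added example; the file names are assumed, not from the thread.
#
# youtube.sig sits next to this script. It is written in the signature
# language, so it is shown here as a comment:
#
#   signature my-first-sig {
#       ip-proto == tcp
#       dst-port == 80
#       payload /.*youtube/
#       event "Found youtube!"
#   }
#
# The "event" action is what makes a match raise signature_match; its string
# arrives in the handler as the msg argument.

@load-sigs ./youtube.sig

event signature_match(state: signature_state, msg: string, data: string)
    {
    # Every loaded signature that has an "event" action raises this same
    # event, so filter on the signature ID before acting on the match.
    if ( state$sig_id != "my-first-sig" )
        return;

    local c = state$conn;

    # data holds the payload bytes that triggered the match; only its length
    # is printed here to keep the output short.
    print fmt("%s: %s on %s:%s -> %s:%s (originator side: %s, %d bytes matched)",
              state$sig_id, msg,
              c$id$orig_h, c$id$orig_p, c$id$resp_h, c$id$resp_p,
              state$is_orig, |data|);
    }
```

Run it against a capture with `bro -r http.pcap handler.bro`; each match prints one line.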