[Bro] Bro Whitelists and Integration
vikrant.nook at aim.com
vikrant.nook at aim.com
Tue Nov 17 02:05:06 PST 2015
Hi Team,
I am new to bro and starting to look at platform from various detection and policy point of view.
I have following queries :
1) How can i add domains Whitelist ,in controlled enviroment i know which domains are allowed anything else Trigger alert or log message/ email would be good as well.
2) Same as 1 expect look for URL or part of URL like /?var=32532part (basically any URI)
3) Software which are not approved trigger alert.
4) Integrate for Cuckoo or sandbox ?
Any scripting guide /videos (paid or free ) which can help in basics and can ramp up modules script writing.
Thanks for support and creating wonderful software.
Regards,
Vijay
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20151117/8d01c633/attachment.html
More information about the Bro
mailing list