[Bro] Duqu script

Zied Turki zied.turki at outlook.com
Fri Nov 27 02:54:25 PST 2015


Dear all,

I tried to test the Bro script to log the Duqu attack published through GitHub. The broctl check failed; the output is below:

 "error in /usr/local/bro/share/bro/policy/bro-scripts/duqu.bro, line 81: no such field in record (HTTP::c$http$mime_types)"

I've understood that $mime_type has changed in the new Bro version, and I've tried to replace it in the script with "resp_mime_types". The new output is below:

error in /usr/local/bro/share/bro/base/protocols/http/./entities.bro, line 27 and /usr/local/bro/share/bro/policy/bro-scripts/duqu.bro, line 81: pattern requires string index (vector of string and /^?(image\/jpeg)$?/)

I am new to Bro scripts. Please, I need your help to understand how to handle this kind of error. Could anyone help, please?

Please find below the link to the original script :
https://github.com/mavam/brospects/blob/master/bro/duqu.bro


Many thanks,

BR,
Zied 
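
The second error above comes from applying `pattern in string` to `resp_mime_types`, which is a `vector of string`. As an added example (not part of the original message or of duqu.bro), one way to test such a field is to match each element in turn. The helper name `resp_mime_matches` and the event handler are hypothetical, and the Duqu-specific logic of the original script is not reproduced.

```bro
@load base/protocols/http

# Hypothetical helper (not from duqu.bro): returns T if any MIME type
# recorded for the response bodies of this HTTP transaction matches p.
function resp_mime_matches(c: connection, p: pattern): bool
	{
	# Both fields are optional; guard before dereferencing.
	if ( ! c?$http || ! c$http?$resp_mime_types )
		return F;

	# resp_mime_types is a vector of string. "pattern in string" needs a
	# single string on the right-hand side, so test one element at a time.
	for ( i in c$http$resp_mime_types )
		{
		if ( p in c$http$resp_mime_types[i] )
			return T;
		}

	return F;
	}

# Illustrative use only: report responses whose body was identified as JPEG.
event http_message_done(c: connection, is_orig: bool, stat: http_message_stat)
	{
	if ( ! is_orig && resp_mime_matches(c, /image\/jpeg/) )
		print fmt("%s: JPEG response body", c$uid);
	}
```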






 		 	   		  