[Bro] Bro and Yara together

Seth Hall seth at icir.org
Thu Oct 22 11:14:07 PDT 2015


> On Oct 22, 2015, at 10:44 AM, Vito Logrillo <vitologrillo at gmail.com> wrote:
> 
> the git code below can be used to integrate Bro with Yara:
> https://github.com/hempnall/broyara
> 
> I've tried to use it without any result. Should I download the files
> in the same bro directory and then change the CMake files as
> described?

I’m not sure this is going to be a great solution for many people.  You are pulling the entire file into system memory and then having Yara analyze it once the file is completed.  I’ve worked with Yara before and even added a streaming API (which hasn’t been accepted back into Yara proper yet).

I guess I’m just trying to get across that I’d be a little concerned about running this on a real network. :)

 .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
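An added example (not code from the broyara project or from anyone in this thread) contrasting the two approaches Seth describes: accumulating every chunk of an extracted file and scanning once it is complete, versus scanning each chunk as it arrives while holding only a pattern-length overlap so a match that straddles a chunk boundary is still found. The byte-substring "rules" and the chunked sample file are constructed stand-ins; real YARA rule evaluation is richer than substring search, but the memory trade-off is the same.

```python
# Added illustration of whole-file buffering versus bounded-memory streaming
# scanning. The "rules" are plain byte substrings standing in for YARA
# strings; no YARA engine is involved.

# Constructed stand-in for YARA string rules: rule name -> byte pattern.
RULES = {
    "mz_header": b"MZ",
    "spanning_marker": b"SAMPLE-MARKER-THAT-SPANS-CHUNKS",
}


def scan_buffered(chunks, rules=RULES):
    """Collect every chunk, then scan once the file is complete.
    Returns (sorted names of matching rules, peak bytes held in memory)."""
    data = b"".join(chunks)
    hits = {name for name, pat in rules.items() if pat in data}
    return sorted(hits), len(data)


def scan_streaming(chunks, rules=RULES):
    """Scan chunk by chunk, keeping only enough of the previous data to
    catch a pattern that starts in one chunk and ends in the next."""
    overlap = max(len(p) for p in rules.values()) - 1
    tail = b""
    hits = set()
    peak = 0
    for chunk in chunks:
        window = tail + chunk
        peak = max(peak, len(window))  # memory held at this moment
        for name, pat in rules.items():
            if pat in window:
                hits.add(name)
        # Retain the last (longest pattern - 1) bytes for the next window.
        tail = window[-overlap:] if overlap > 0 else b""
    return sorted(hits), peak


def sample_chunks(chunk_size=64):
    """Constructed file body delivered in fixed-size pieces, as a file
    analyzer would see it. The marker is placed at offset 52 so that it
    straddles the first chunk boundary."""
    body = b"MZ" + b"\x90" * 50 + RULES["spanning_marker"] + b"\x00" * 200
    return [body[i:i + chunk_size] for i in range(0, len(body), chunk_size)]
```

Both scanners report the same two matches, but the streaming one never holds more than one chunk plus the overlap, regardless of how large the extracted file grows.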
