[Bro] bro netcontrol acld for use with Cisco ASA acl's

Johanna Amann johanna at icir.org
Mon Aug 8 10:11:29 PDT 2016


Hi John,

Since the NetControl framework is still rather new, I assume that no one
has done that and that you would have to write your own connectors.

Just to give you a few pointers - if you use the netcontrol broker plugin,
which uses broker to push out the netcontrol rules, you can use the Python
API at https://github.com/bro/bro-netcontrol/blob/master/netcontrol/api.py
to get access to the commands without having to do all the Python-side
parsing yourself.
https://github.com/bro/bro-netcontrol/blob/master/command-line/command-line.py
is an application that takes that route and uses the broker plugin on the
NetControl side and the Python API.

If you need more complex rules that you need to change on the Bro side,
before you push them out via broker or another mechanism, you will
probably need to write your own NetControl plugin; instructions for that
are available at
https://www.bro.org/sphinx-git/frameworks/netcontrol.html#writing-plugins

I hope this helps a bit,
 Johanna

On Sun, Aug 07, 2016 at 06:01:10PM -0400, John Babio wrote:
> Has anyone been able to accomplish connecting netcontrol into an ASA
> firewall? For use with shun?
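
An added example, not part of the original message and not code from the bro-netcontrol project: a sketch of the translation step such a connector would need, turning NetControl drop rules into ASA "shun" / "no shun" lines and rejecting anything that is not a single, well-formed host address. The dict layout, the field values and the NEVER_SHUN list are assumptions made for illustration; receiving rules over broker and sending lines to the firewall are left out.

```python
import ipaddress

# Hosts that must never be shunned (constructed sample values, an assumption).
NEVER_SHUN = [ipaddress.ip_network(n) for n in ("10.0.0.0/24", "192.0.2.53/32")]

class UnsupportedRule(ValueError):
    """Rule that this connector refuses to turn into a shun."""

def rule_to_shun(rule, remove=False):
    """Map one rule (hypothetical dict mirroring the NetControl::Rule record)
    to a single ASA 'shun <ip>' or 'no shun <ip>' line."""
    if rule.get("ty") != "DROP" or rule.get("target") != "FORWARD":
        raise UnsupportedRule("only forward-path DROP rules map to shun")
    entity = rule.get("entity") or {}
    if entity.get("ty") != "ADDRESS":
        raise UnsupportedRule("shun blocks a source address, not flows or MACs")
    # ip_network() raises ValueError for anything that is not a well-formed
    # address, so free-form text from a rule never reaches the firewall CLI.
    net = ipaddress.ip_network(str(entity.get("ip", "")), strict=True)
    if net.version != 4 or net.prefixlen != 32:
        raise UnsupportedRule("this example handles single IPv4 hosts only")
    host = net.network_address
    if not remove and any(host in n for n in NEVER_SHUN):
        raise UnsupportedRule("%s is on the never-shun list" % host)
    return ("no shun %s" if remove else "shun %s") % host

def translate(commands):
    """commands: iterable of (action, rule). Returns (cli_lines, rejected)."""
    lines, rejected = [], []
    for action, rule in commands:
        try:
            lines.append(rule_to_shun(rule, remove=(action == "remove")))
        except ValueError as err:  # UnsupportedRule and malformed addresses
            rejected.append((rule.get("id"), str(err)))
    return lines, rejected

def _drop(rule_id, ip):
    return {"id": rule_id, "ty": "DROP", "target": "FORWARD",
            "entity": {"ty": "ADDRESS", "ip": ip}}

# Constructed sample input, not captured from a real Bro instance.
SAMPLE = [("add", _drop(1, "198.51.100.7/32")),
          ("remove", _drop(2, "198.51.100.7/32")),
          ("add", _drop(3, "10.0.0.5/32")),            # protected host
          ("add", _drop(4, "203.0.113.0/24")),         # subnet, not a host
          ("add", _drop(5, "198.51.100.9; reload"))]   # malformed address

if __name__ == "__main__":
    cli, skipped = translate(SAMPLE)
    print("\n".join(cli))
    for rule_id, why in skipped:
        print("rejected rule %s: %s" % (rule_id, why))
```

Rejected rules should be reported back to Bro as failed rather than silently dropped, so that NetControl's view of what is blocked matches the firewall.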
