[Bro] IOCs data for hashes.

Chris Walsh chris at cwalsh.org
Mon Aug 29 07:42:29 PDT 2016


Have you looked at https://www.bro.org/sphinx/scripts/policy/frameworks/files/detect-MHR.bro.html ?

If I am understanding your goal, this seems to be a good fit for what you’re trying to do.


Chris
> On Aug 29, 2016, at 8:30 AM, fatema bannatwala <fatema.bannatwala at gmail.com> wrote:
> 
> Hi,
> 
> I am working with BRO, trying to add the capability of malware detection using Bro.
> I am already using the intel framework provided by Bro and feeding IOC data into it.
> It successfully detects and logs the connection having bad IPs and domains in intel.log file.
> The functionality I would like to add is to detect any malware downloaded by any of the endpoints, and for that I need some good IOC data of hashes. I searched the internet for IOCs hashes but couldn't find any good source for it.
> Does anyone have any pointers in the same direction? Or any other magic that can be used to accomplish the same purpose?
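As an added example (not code from this thread, from Bro, or from the detect-MHR script), the Python below writes a file-hash feed in the intel framework's tab-separated format, which is the other route to the goal in the question: once such a file is listed in `Intel::read_files` and `frameworks/intel/seen` is loaded, Bro looks up the hashes it computes for observed files and records hits in intel.log. The feed name `hashes.intel`, the source label and the hash values are assumptions constructed for the example.

```python
import hashlib
import re

# Header line of a Bro intel file: tab-separated field names after "#fields".
HEADER = "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc\tmeta.url"
# Hex digest lengths the file analysis framework reports: MD5 (32), SHA1 (40), SHA256 (64).
_HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")


def normalize_hash(h):
    """Lower-case and validate a digest; FILE_HASH indicators match as exact strings,
    so an upper-case hash in the feed would never hit Bro's lower-case digests."""
    h = h.strip().lower()
    if not _HASH_RE.match(h):
        raise ValueError("not an MD5/SHA1/SHA256 hex digest: %r" % h)
    return h


def intel_line(hash_value, source, desc="-", url="-"):
    """One feed record; optional fields left empty are written as '-'."""
    fields = [normalize_hash(hash_value), "Intel::FILE_HASH", source, desc or "-", url or "-"]
    if any("\t" in f for f in fields):
        raise ValueError("tab inside a field would corrupt the record")
    return "\t".join(fields)


def build_intel_feed(iocs):
    """Return the complete feed text (header plus one line per IOC)."""
    return "\n".join([HEADER] + [intel_line(*ioc) for ioc in iocs]) + "\n"


# Constructed sample IOCs: digests of dummy strings, not real malware hashes.
# The first one is deliberately upper-case to show the normalization.
SAMPLE_IOCS = [
    (hashlib.md5(b"sample-1").hexdigest().upper(), "example-feed", "sample md5", "-"),
    (hashlib.sha1(b"sample-2").hexdigest(), "example-feed", "sample sha1", "-"),
    (hashlib.sha256(b"sample-3").hexdigest(), "example-feed", "sample sha256", "-"),
]

if __name__ == "__main__":
    # Assumed path; load it in Bro with: redef Intel::read_files += { "/path/hashes.intel" };
    with open("hashes.intel", "w") as f:
        f.write(build_intel_feed(SAMPLE_IOCS))
```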
