[Bro] [bro] intel framework
Tim Desrochers
tgdesrochers at gmail.com
Sun Jul 17 17:10:53 PDT 2016
Is there a way to use the intel framework to alert on something like this
/templates/nivoslider/loading.php
I don't care about the domain I just care about the URI. The adversary
keeps using DGA domains but the rest stays the same.
I read the intel framework section online and I don't see anything that
appears it would match this type of intel.
Thanks
Tim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160717/7b763d4c/attachment.html
More information about the Bro
mailing list