[Bro] My first Bro Scripts
Josh Guild
josh.guild at morphick.com
Thu May 26 10:33:41 PDT 2016
Hi everyone,

I wrote a few Bro scripts to cut my teeth on the language, if you all would
like to check them out:

https://github.com/joshuaguild/bro_scripts

Network Visibility will allow you to confirm that the traffic that should
be flowing to your sensor actually is. You can populate what subnets you
should be seeing and it will dump a log to confirm if it sees a host in
that subnet.

RDP Layout just checks the keyboard_layout field in the rdp.log against a
whitelist (or you can make it a blacklist by changing the !in to in). Good
for monitoring for lateral movement or connections to your DMZ.

Comments/criticism are welcome! (I'm a network guy, not a programmer so...)

--
Josh Guild
Network Intelligence Analyst
<https://twitter.com/stay_spooky> <https://keybase.io/joshuaguild>
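
An offline take on the RDP Layout check described in the message above, added here as an example and not taken from the author's repository: it reads a Bro rdp.log in its tab-separated format and flags keyboard_layout values outside a whitelist, with a switch for the blacklist variant. The log lines, layout names and function names are constructed for illustration.

```python
# Added example: offline version of the keyboard_layout check over rdp.log.
# Sample records are constructed (columns trimmed); layout names are assumed.
SAMPLE_RDP_LOG = "\n".join([
    "#separator \\x09",
    "#unset_field\t-",
    "#path\trdp",
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tkeyboard_layout",
    "1464283000.1\tCaaa1\t10.1.1.5\t10.1.2.10\tEnglish - United States",
    "1464283050.2\tCbbb2\t10.1.1.9\t10.1.2.10\tRussian",
    "1464283100.3\tCccc3\t203.0.113.7\t192.0.2.20\t-",
    "1464283150.4\tCddd4\t10.1.1.7\t192.0.2.20\tFrench - France",
])


def parse_bro_log(text):
    """Yield one dict per record, named by the #fields header line."""
    fields, unset = [], "-"
    for line in text.splitlines():
        if line.startswith("#"):
            key, _, rest = line[1:].partition("\t")
            if key == "fields":
                fields = rest.split("\t")
            elif key == "unset_field":
                unset = rest
            continue
        if not line:
            continue
        values = line.split("\t")
        # Map the log's unset marker to None so it never matches a layout name.
        yield {k: (None if v == unset else v) for k, v in zip(fields, values)}


def flag_layouts(records, layouts, blacklist=False):
    """Return records outside the whitelist, or inside the list if blacklist=True."""
    hits = []
    for rec in records:
        layout = rec.get("keyboard_layout")
        if layout is None:
            continue  # client sent no layout, so there is nothing to compare
        listed = layout in layouts
        # Whitelist mode flags "not listed"; blacklist mode flags "listed".
        if listed == blacklist:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    allowed = {"English - United States"}
    for rec in flag_layouts(parse_bro_log(SAMPLE_RDP_LOG), allowed):
        print(rec["uid"], rec["id.orig_h"], "->", rec["id.resp_h"], rec["keyboard_layout"])
```

Records with an unset keyboard_layout are skipped here rather than flagged; report them separately if RDP sessions without a layout matter in your environment.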