[Bro] My first Bro Scripts

ِABDUL ALEANAZI d7om.ph at hotmail.com
Thu May 26 16:41:19 PDT 2016


What about outgoing connections? Does it check for that?

> On May 26, 2016, at 10:42 AM, Josh Guild <josh.guild at morphick.com> wrote:
> 
> Hi everyone,
> 
> I wrote a few Bro scripts to cut my teeth on the language if you all would like to check them out:
> 
> https://github.com/joshuaguild/bro_scripts
> 
> Network Visibility will allow you to confirm that the traffic that should be flowing to your sensor actually is. You can populate what subnets you should be seeing and it will dump a log to confirm if it sees a host in that subnet.
> 
> RDP Layout just checks the keyboard_layout field in the rdp.log against a whitelist (or you can make it a black list by changing the !in to in). Good for monitoring for lateral movement or connections to your DMZ.
> 
> Comments/criticism are welcome! (I'm a network guy, not a programmer so...)
> 
> -- 
> Josh Guild
> Network Intelligence Analyst
>  
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
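
The keyboard-layout allowlist check described in the quoted message, as an added example that is not part of the original posts or of the linked repository. It post-processes an rdp.log offline in Python rather than running as a Bro script; the function name, the allowlist contents and the log lines are constructed for illustration, and the sample uses a reduced field set.

```python
# Added example: flag RDP connections in a Bro rdp.log whose keyboard_layout
# is not on an allowlist. All names and sample values here are assumptions.

ALLOWED_LAYOUTS = {"English - United States"}  # assumption: site policy

# Constructed sample in Bro's tab-separated log format (reduced field set).
SAMPLE_RDP_LOG = "\n".join([
    "#separator \\x09",
    "#unset_field\t-",
    "#path\trdp",
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tkeyboard_layout",
    "1464280000.0\tCconstructed1\t10.0.1.15\t10.0.2.20\tEnglish - United States",
    "1464280060.0\tCconstructed2\t10.0.1.99\t10.0.2.20\tRussian",
    "1464280120.0\tCconstructed3\t10.0.1.42\t10.0.2.21\t-",
    "#close\t2016-05-26-17-00-00",
])


def unexpected_layouts(log_text, allowed=ALLOWED_LAYOUTS, flag_missing=False):
    """Return (orig_h, resp_h, layout) for rows whose layout is not allowed.

    Rows where the client sent no layout carry the log's unset marker; they
    are skipped unless flag_missing is True, so an absent field is a
    deliberate policy choice instead of an accidental match or miss.
    """
    fields, unset, hits = None, "-", []
    for line in log_text.splitlines():
        if line.startswith("#"):
            parts = line[1:].split("\t")
            if parts[0] == "fields":
                fields = parts[1:]          # column names for data rows
            elif parts[0] == "unset_field" and len(parts) > 1:
                unset = parts[1]            # marker for "field not present"
            continue
        if not line or fields is None:
            continue                        # blank line or data before header
        rec = dict(zip(fields, line.split("\t")))
        layout = rec.get("keyboard_layout", unset)
        if layout == unset:
            if flag_missing:
                hits.append((rec["id.orig_h"], rec["id.resp_h"], layout))
            continue
        if layout not in allowed:
            hits.append((rec["id.orig_h"], rec["id.resp_h"], layout))
    return hits


if __name__ == "__main__":
    for orig_h, resp_h, layout in unexpected_layouts(SAMPLE_RDP_LOG):
        print(f"{orig_h} -> {resp_h}: unexpected keyboard layout {layout!r}")
```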