[Bro] Monitoring for MAC address
zeolla at gmail.com
Thu Oct 6 11:55:33 PDT 2016
I have a use case where I would like to monitor for certain MAC addresses
in use. I took a look at the Intel framework
it doesn't seem to have a type that can handle this. Has anybody else
encountered a similar scenario in the past?
The list will be ever-evolving and so I would like to be able to modify it
without having to restart my cluster (hence considering the Intel
framework). I did find this thread
if I have to, I will just write a script that uses known_devices. Thanks,