[Bro] Scanned Unique Host
Johanna Amann
johanna at icir.org
Thu Dec 28 07:47:47 PST 2017
Hi,
typically the only way to do this is to look into conn.log; it might be
possible to add that information using the SAMPLE or LAST SumStat
reducers; however that will require modifying scans.bro.
Johanna
On Wed, Oct 25, 2017 at 09:40:11PM +0000, Hector Pena wrote:
> Hi,
>
> Is there a way to view which host were scanned when receiving a notice for the scan.bro script? We have been receiving a lot of notices lately for “x.x.x.x scanned at least X unique hosts on port X in Xtime”. I cannot seem to find a good way to determine which host were scanned by the host machine.
>
> Thanks,
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list