[Bro] new to bro, a few questions
John Brown (isFaster)
john at isfaster.com
Sat Feb 4 19:20:34 PST 2017

Hi, I'm new to Bro and I'm wondering how I can do a couple of things:

1. I'd like to basically disable all of the various rules and detection
stuff.
2. I'd like to create a simple rule that detects, say, DNS packets with
cpsc.gov in the query or answer.

Figure it would be best to start simple and then build up rules (either my
own, or others) as I need them. Sort of a K&R "Hello World" approach.

Any specifics would be much appreciated.

Thank you