[Bro] new to bro, a few questions

Troy Ward pyrodie18 at gmail.com
Sun Feb 5 12:09:23 PST 2017


Not sure that bro is the best choice for what you're looking for.  Bro is
capable of doing what you're asking but this sounds like it may be better
to try out SNORT.  Bro is much more useful for getting a wide variety of
statistics for a wide variety of packets, not just a single DNS packet.

Troy



> Hi,  I'm new to Bro and I'm wondering how I can do a couple of things:
>
> 1.  I'd like to basically disable all of the various rules and detection
> stuff.
> 2. I'd like to create a simple rule that detects say DNS packets with
> cpsc.gov in the query or answer
>
> Figure it would be best to start simple and then build up rules (either my
> own, or others) as I need them.   Sort of a K&R "Hello World" approach..
>
> Any specifics would be much appreciated.
>
>
> Thank you
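As an added example that is not part of this thread, the following Bro script does what the question asks: it raises a notice whenever a DNS query or answer names cpsc.gov or one of its subdomains. The module name, notice type and file name are assumptions; the DNS event signatures and the Notice framework are Bro's own. Running it as `bro -r trace.pcap watch_dns.bro` (or `bro -i eth0 watch_dns.bro`) loads only the base scripts plus this file, so none of the detection policies from local.bro are active.

```bro
# watch_dns.bro (assumed file name) - added example, not from the mailing list thread.
# Flags DNS queries and answers for a watched domain and its subdomains.
@load base/frameworks/notice
@load base/protocols/dns

module WatchDNS;

export {
    redef enum Notice::Type += {
        ## Raised when a DNS query or answer names a watched domain.
        Watched_Domain
    };

    ## Unanchored search: matches "cpsc.gov" itself and any "x.cpsc.gov",
    ## but not "notcpsc.gov". Extend the alternation to watch more domains.
    const watched: pattern = /(^|\.)cpsc\.gov$/ &redef;
}

function report(c: connection, what: string, name: string)
    {
    NOTICE([$note=Watched_Domain,
            $conn=c,
            $msg=fmt("DNS %s for %s from %s", what, name, c$id$orig_h),
            $sub=name,
            # One notice per (client, name) pair within the suppression window.
            $identifier=cat(c$id$orig_h, name),
            $suppress_for=10min]);
    }

# Outgoing query: the name is in the question section.
event dns_request(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count)
    {
    if ( watched in to_lower(query) )
        report(c, "query", query);
    }

# A-record answer: check the name the answer belongs to.
event dns_A_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr)
    {
    if ( watched in to_lower(ans$query) )
        report(c, "A answer", ans$query);
    }

# CNAME answer: the target name can point at the watched domain even when
# the queried name does not, so check both.
event dns_CNAME_reply(c: connection, msg: dns_msg, ans: dns_answer, name: string)
    {
    if ( watched in to_lower(ans$query) || watched in to_lower(name) )
        report(c, "CNAME answer", fmt("%s -> %s", ans$query, name));
    }
```

Matches land in notice.log (and the usual dns.log is still written by the base DNS analyzer); the script raises the notice only, so no action is taken on the traffic.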
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170205/f4a4c6f0/attachment.html 