[Bro] new to bro, a few questions

anthony kasza anthony.kasza at gmail.com
Sun Feb 5 14:03:55 PST 2017


You may want to look at Bro's "bare mode". It starts Bro without many of
Bro's features.

-AK

On Feb 4, 2017 8:23 PM, "John Brown (isFaster)" <john at isfaster.com> wrote:

> Hi, I'm new to Bro and I'm wondering how I can do a couple of things:
>
> 1. I'd like to basically disable all of the various rules and detection
> stuff.
> 2. I'd like to create a simple rule that detects, say, DNS packets with
> cpsc.gov in the query or answer.
>
> Figure it would be best to start simple and then build up rules (either my
> own, or others') as I need them. Sort of a K&R "Hello World" approach.
>
> Any specifics would be much appreciated.
>
>
> Thank you
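An added example, not part of the original thread or of Bro's shipped scripts: a minimal script for the "Hello World" case asked about above. It is meant to be run in bare mode, loads only the DNS and notice scripts, and raises a notice when cpsc.gov appears in a query or an answer. The file name `dns-watch.bro`, the module name `DNSWatch`, and the notice type `Watched_Domain` are assumptions chosen for illustration.

```bro
# dns-watch.bro (hypothetical file name; added example)
# Run in bare mode so none of the default detection scripts are loaded:
#   bro -b -i <interface> dns-watch.bro
#   bro -b -r <trace.pcap> dns-watch.bro

# Bare mode skips the default script set, so load what this script needs.
@load base/frameworks/notice
@load base/protocols/dns

module DNSWatch;

export {
    redef enum Notice::Type += {
        # Raised when the watched domain is seen in a DNS query or answer.
        Watched_Domain
    };

    # Matches cpsc.gov itself and any subdomain. Used with ==, so the
    # whole name must match, not just a substring.
    const watched = /(.*\.)?cpsc\.gov/ &redef;
}

# DNS::log_dns fires once per completed DNS transaction with the query
# and all answers collected in one record.
event DNS::log_dns(rec: DNS::Info)
    {
    if ( rec?$query && watched == to_lower(rec$query) )
        NOTICE([$note=Watched_Domain, $uid=rec$uid, $id=rec$id,
                $msg=fmt("DNS query for watched domain: %s", rec$query)]);

    if ( ! rec?$answers )
        return;

    # Answers are logged as strings (addresses, CNAME targets, ...),
    # so only name-valued answers can match the pattern.
    for ( i in rec$answers )
        {
        if ( watched == to_lower(rec$answers[i]) )
            NOTICE([$note=Watched_Domain, $uid=rec$uid, $id=rec$id,
                    $msg=fmt("DNS answer contains watched domain: %s", rec$answers[i])]);
        }
    }
```

Matches are written to notice.log, and the corresponding transactions still appear in dns.log because the DNS scripts are loaded.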