[Bro] SSH brute-force email notice
Seth Hall
seth at icir.org
Tue Feb 28 14:20:53 PST 2017
> On Feb 28, 2017, at 5:05 PM, Loris Leiva <loris.leiva at gmail.com> wrote:
>
> Do you know if there is a way for me to enable this feature with PCAP or an alternative? I would like to simulate a scenario using a big PCAP file for a presentation and it would be great if it could generate emails.
If you don't mind modifying scripts, you can find the line here:
https://github.com/bro/bro/blob/master/scripts/base/frameworks/notice/main.bro#L338
If you get rid of that if statement it will work.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the Bro
mailing list