[Bro] Exfil scripts

Rhette Wallach rmarsh at salesforce.com
Thu Jan 5 14:16:57 PST 2017


Hi All,

I'm relatively new to Bro and would like input if there are other
exfiltration detection scripts out there other than these two:

https://github.com/sooshie/bro-scripts/blob/master/2.4-scripts/dns-bad_behavior.bro

https://github.com/reservoirlabs/bro-scripts/tree/master/exfil-detection-framework

Any others?

Additionally, when I try to run the first script, I get a split string
error on this line:

local parts = split_string(key$str, /, /);

This is odd because my understanding is that the split_string function
should be built-in and part of base/bif/strings.bif.bro, and it is a
defined function as per here
(https://www.bro.org/sphinx/scripts/base/bif/strings.bif.bro.html).

Any input on either of these questions would be appreciated.  Thanks!

rhette