[Bro] NetControl configuration
Azoff, Justin S
jazoff at illinois.edu
Thu Mar 16 07:56:13 PDT 2017
> On Mar 16, 2017, at 10:47 AM, Andrew Dellana <andrew.dellana at bayer.com> wrote:
>
> Hello,
>
> Is it easier to have a NetControl action in each script or to have one file that contains all the NetControl actions. I want to do one that has all the NetControl actions contained in one script, but am unsure of how / if it is possible to import information from one script to another.
>
> And if it is possible to import information to a single NetControl Script would someone be kind enough to provide a template.
>
> Freundliche Grüße / Best regards,
>
> Andrew Dellana
> Intern
What sort of actions are you talking about? If you are triggering these actions based on a NOTICE being raised, then you can use a notice hook to trigger the netcontrol actions when certain notices are raised.
If you just want to store helpers in a file, you just need to do something like
# my-netcontrol-actions.bro
@load base/frameworks/netcontrol
function do_block(ip: addr)
{
NetControl::drop_address(ip , 20sec, "No internet for you!");
}
And then in any other script
# my-script.bro
@load my-net-control-actions
event ...
{
do_block(id$orig_h);
}
--
- Justin Azoff
More information about the Bro
mailing list