[Bro] NetControl configuration

Andrew Dellana andrew.dellana at bayer.com
Thu Mar 16 08:04:40 PDT 2017


Yes, I do want to make the NetControl actions based on what is alerted in Notices. Can all the helpers be stored in one file and only call the helper that is needed?

Freundliche Grüße / Best regards,

Andrew Dellana
Intern

-----Original Message-----
From: Azoff, Justin S [mailto:jazoff at illinois.edu] 
Sent: Thursday, March 16, 2017 10:56 AM
To: Andrew Dellana
Cc: bro at bro.org
Subject: Re: [Bro] NetControl configuration


> On Mar 16, 2017, at 10:47 AM, Andrew Dellana <andrew.dellana at bayer.com> wrote:
> 
> Hello,
>  
> Is it easier to have a NetControl action in each script or to have one file that contains all the NetControl actions? I want to do one that has all the NetControl actions contained in one script, but am unsure of how / if it is possible to import information from one script to another.
>  
> And if it is possible to import information to a single NetControl Script would someone be kind enough to provide a template.
>  
> Freundliche Grüße / Best regards,
>  
> Andrew Dellana
> Intern


What sort of actions are you talking about?  If you are triggering these actions based on a NOTICE being raised, then you can use a notice hook to trigger the netcontrol actions when certain notices are raised.

If you just want to store helpers in a file, you just need to do something like

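# my-netcontrol-actions.bro
@load base/frameworks/netcontrol

# Shared helper: drop all traffic from ip for 20 seconds.
function do_block(ip: addr)
{
	NetControl::drop_address(ip, 20sec, "No internet for you!");
}

And then in any other script

# my-script.bro
# The @load name must match the helper file's name (without the .bro extension).
@load my-netcontrol-actions
event ...
{
    do_block(id$orig_h);
}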


-- 
- Justin Azoff
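
Added example, not part of the original thread: one way to combine the two suggestions above, a shared helper file plus a notice hook that calls it for selected notice types. The file name, the `NoticeBlock` module, the chosen notice types, the 10-minute duration and the `never_block` exemption list are all assumptions made for illustration.

```bro
# notice-netcontrol.bro  (hypothetical file name, added example)
@load base/frameworks/notice
@load base/frameworks/netcontrol
@load protocols/ssh/detect-bruteforcing   # defines SSH::Password_Guessing
@load misc/scan                           # defines Scan::Address_Scan

module NoticeBlock;

export {
	# Notice types that should result in a block (assumed selection).
	const block_types: set[Notice::Type] = {
		SSH::Password_Guessing,
		Scan::Address_Scan
	} &redef;

	# How long a block stays in place (assumed value).
	const block_duration = 10min &redef;

	# Sources that must never be blocked, e.g. internal ranges (assumed value).
	const never_block: set[subnet] = { 10.0.0.0/8 } &redef;

	# Exported so other scripts can call NoticeBlock::do_block after @load.
	global do_block: function(ip: addr, reason: string);
}

function do_block(ip: addr, reason: string)
	{
	if ( ip in never_block )
		return;
	NetControl::drop_address(ip, block_duration, reason);
	}

event NetControl::init()
	{
	# The debug backend only logs rules to netcontrol.log; swap in a real
	# backend plugin before expecting traffic to be dropped.
	local debug_plugin = NetControl::create_debug(T);
	NetControl::activate(debug_plugin, 0);
	}

hook Notice::policy(n: Notice::Info)
	{
	# Not every notice carries a source address, so check n?$src first.
	if ( n$note in block_types && n?$src )
		do_block(n$src, fmt("%s", n$note));
	}
```

Running this with the debug backend first and reviewing netcontrol.log shows which sources would have been blocked before any enforcement is wired in.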




