[Bro] Question about disable lookup_addr
Seth Hall
seth at corelight.com
Wed Oct 25 06:52:30 PDT 2017
On 24 Oct 2017, at 16:26, SJ Lee wrote:
> I checked policy/frameworks/files/detect-MHR.bro, but does not able to fine
> function for lookup_addr but seeing
> - when ( local MHR_result = lookup_hostname_txt(hash_domain) )
>
> Is this also related with dns lookup?
Yep. All of the DNS related functions are:
lookup_addr
lookup_hostname_txt
lookup_hostname
.Seth
--
Seth Hall * Corelight, Inc * www.corelight.com
More information about the Bro
mailing list