[Bro] Question about disable lookup_addr
SJ Lee
bluebike.sjlee at gmail.com
Wed Oct 25 07:23:10 PDT 2017
Thank you Seth, this helps me a lot.
--SJ
On Wed, Oct 25, 2017 at 9:52 AM, Seth Hall <seth at corelight.com> wrote:
>
>
> On 24 Oct 2017, at 16:26, SJ Lee wrote:
>
> > I checked policy/frameworks/files/detect-MHR.bro, but does not able to
> fine
> > function for lookup_addr but seeing
> > - when ( local MHR_result = lookup_hostname_txt(hash_domain) )
> >
> > Is this also related with dns lookup?
>
> Yep. All of the DNS related functions are:
> lookup_addr
> lookup_hostname_txt
> lookup_hostname
>
> .Seth
>
> --
> Seth Hall * Corelight, Inc * www.corelight.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20171025/bc2b2135/attachment-0001.html
More information about the Bro
mailing list