[Bro] A little more confusion with Intel

fatema bannatwala fatema.bannatwala at gmail.com
Thu Jan 18 09:42:36 PST 2018


I see the DNS request is for "www.yahoo.com"; however, the entry in your
intel-1.dat is for "yahoo.com".
Not sure if the Bro intel framework works with sub-domain lookups as well
for intel.
Try adding "www.yahoo.com" to your intel-1.dat, and see if intel.log
triggers.
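
Added example, not part of the original message or of Bro itself: a small Python check that reports whether a queried name matches an intel file entry exactly or only through a parent domain, which is the mismatch described above. It assumes Intel::DOMAIN indicators are compared as exact, case-insensitive strings; the sample intel contents and the function names are constructed for illustration.

```python
"""Added example: explain why a DNS query did or did not hit an intel file."""

# Constructed sample in the tab-separated intel file layout; the contents are
# illustrative, not the poster's actual intel-1.dat.
SAMPLE_INTEL = (
    "#fields\tindicator\tindicator_type\tmeta.source\n"
    "yahoo.com\tIntel::DOMAIN\ttest-feed\n"
    "Example.ORG\tIntel::DOMAIN\ttest-feed\n"
    "192.0.2.10\tIntel::ADDR\ttest-feed\n"
)


def load_domains(text):
    """Return the lowercased Intel::DOMAIN indicators from intel file text."""
    fields, domains = None, set()
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line.strip() or line.startswith("#") or fields is None:
            continue
        row = dict(zip(fields, line.split("\t")))
        if row.get("indicator_type") == "Intel::DOMAIN":
            domains.add(row["indicator"].strip().lower())
    return domains


def parent_domains(name):
    """List parents of a name (www.yahoo.com -> ['yahoo.com']); bare TLDs are skipped."""
    labels = name.rstrip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels) - 1)]


def explain(query, domains):
    """Classify a query as 'hit', 'parent-only:<entry>' (near miss) or 'miss'."""
    q = query.rstrip(".").lower()
    if q in domains:
        return "hit"
    for parent in parent_domains(q):
        if parent in domains:
            return "parent-only:" + parent
    return "miss"


if __name__ == "__main__":
    intel = load_domains(SAMPLE_INTEL)
    for q in ("www.yahoo.com", "yahoo.com", "EXAMPLE.org", "mail.example.net"):
        print(f"{q:20} {explain(q, intel)}")
```

A "parent-only" result means the intel file lists only the parent domain, so under the exact-match assumption the queried name needs its own entry.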