[Bro] A little more confusion with Intel
James Lay
jlay at slave-tothe-box.net
Thu Jan 18 09:46:22 PST 2018
Ya, we discovered that worked, thanks Fatema... but that defeats the point
of "domain" in the intel file :(
James
On 2018-01-18 10:42, fatema bannatwala wrote:
> I see the DNS request is for "www.yahoo.com", however the entry in your intel-1.dat is for "yahoo.com".
> Not sure if Bro intel framework works with the sub-domains lookup as well for intel.
> Try adding "www.yahoo.com" in your intel-1.dat, and see if intel.log triggers.
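
The mismatch discussed in this thread, as an added example that is not part of the original messages and is not Bro's own code: a Python model of exact-string matching of a DNS query against `Intel::DOMAIN` indicators, beside a label-wise parent-domain lookup that a consumer of the same intel file could run outside Bro. The file contents, the `constructed-feed` source name and the function names are assumptions made for the illustration.

```python
# Constructed intel file in Bro's tab-separated layout (sample data, not from the thread).
INTEL_DAT = (
    "#fields\tindicator\tindicator_type\tmeta.source\n"
    "yahoo.com\tIntel::DOMAIN\tconstructed-feed\n"
    "bad.example\tIntel::DOMAIN\tconstructed-feed\n"
    "192.0.2.10\tIntel::ADDR\tconstructed-feed\n"
)


def load_domains(text):
    """Return the set of Intel::DOMAIN indicators found in an intel file."""
    fields, domains = [], set()
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split("\t")))
        if row.get("indicator_type") == "Intel::DOMAIN":
            domains.add(row["indicator"].lower().rstrip("."))
    return domains


def exact_hit(query, domains):
    """Exact-string comparison: the behaviour reported in the thread."""
    q = query.lower().rstrip(".")
    return q if q in domains else None


def parent_hit(query, domains):
    """Hypothetical helper: also try each parent domain, one label at a time.

    Comparing whole labels keeps "notyahoo.com" from matching "yahoo.com",
    which a plain substring or endswith() test would get wrong.
    """
    labels = query.lower().rstrip(".").split(".")
    for i in range(max(1, len(labels) - 1)):  # never test the bare TLD of a longer name
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


if __name__ == "__main__":
    doms = load_domains(INTEL_DAT)
    for q in ("www.yahoo.com", "yahoo.com", "notyahoo.com"):
        print(q, "exact:", exact_hit(q, doms), "parent:", parent_hit(q, doms))
```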