[Bro] A little more confusion with Intel
Azoff, Justin S
jazoff at illinois.edu
Thu Jan 18 10:13:11 PST 2018
> On Jan 18, 2018, at 1:06 PM, James Lay <jlay at slave-tothe-box.net> wrote:
>
> Here too, is there something I'm missing? In testing a different packet capture using TCP, I get intel... so does the Intel framework not support UDP? Thank you.
>
> James
>
The intel framework doesn't know anything about TCP or UDP. The default scripts for connections only alert on TCP connections though:
https://github.com/bro/bro/blob/master/scripts/policy/frameworks/intel/seen/conn-established.bro
—
Justin Azoff
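
Added example, not part of the original message or of the Bro distribution: a site script that hands UDP endpoints to `Intel::seen` in the same way the linked conn-established.bro does for TCP. The module name `IntelUDP` and the option `require_reply` are hypothetical; requiring a reply from the responder is an assumption made here to approximate the TCP "established" condition and to avoid hits on one-way or spoofed datagrams.

```bro
@load base/frameworks/intel
@load frameworks/intel/seen/where-locations

module IntelUDP;

export {
	## Hypothetical option: only report UDP flows in which the
	## responder sent at least one packet back.
	const require_reply = T &redef;
}

# connection_state_remove is raised for every connection, including UDP
# flows, when Bro expires its state (and at the end of a pcap run).
event connection_state_remove(c: connection)
	{
	# Leave TCP to the stock conn-established.bro; skip ICMP as well.
	if ( get_port_transport_proto(c$id$resp_p) != udp )
		return;

	# For UDP the endpoint state is UDP_INACTIVE or UDP_ACTIVE.
	if ( require_reply && c$resp$state != UDP_ACTIVE )
		return;

	# Same two observations the TCP script reports: originator and responder.
	Intel::seen([$host=c$id$orig_h, $conn=c, $where=Conn::IN_ORIG]);
	Intel::seen([$host=c$id$resp_h, $conn=c, $where=Conn::IN_RESP]);
	}
```

Because the check runs when the flow's state is removed, a hit is logged at the end of the UDP flow rather than on its first packet.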