[Bro] A little more confusion with Intel
James Lay
jlay at slave-tothe-box.net
Thu Jan 18 10:15:27 PST 2018
Ah....Ok thanks again Justin. Seth, should I put in a feature request
for both TLD and UDP for the Intel framework? Thanks.
James
On 2018-01-18 11:13, Azoff, Justin S wrote:
>> On Jan 18, 2018, at 1:06 PM, James Lay <jlay at slave-tothe-box.net>
>> wrote:
>>
>> Here too, is there something I'm missing? In testing a different
>> packet captures using TCP, I get intel...so does the Intel framework
>> not support UDP? Thank you.
>>
>> James
>>
>
> The intel framework doesn't know anything about tcp or udp. The
> default scripts for connections only alert on tcp connections though:
>
> https://github.com/bro/bro/blob/master/scripts/policy/frameworks/intel/seen/conn-established.bro
>
> —
> Justin Azoff
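
An added example, not part of the original thread or of the Bro distribution: a local policy script that hands the endpoints of UDP flows to the Intel framework, which the TCP-only conn-established.bro linked above does not do. The module name `IntelUDP` and the option `watched_protos` are hypothetical, and using the `new_connection` event as the hook is an assumption of this sketch.

```bro
@load base/frameworks/intel
@load policy/frameworks/intel/seen/where-locations

module IntelUDP;  # hypothetical module name, not shipped with Bro

export {
	## Transport protocols whose new flows are checked against Intel data.
	## TCP is left out because conn-established.bro already covers it.
	const watched_protos: set[transport_proto] = { udp } &redef;
}

# new_connection fires on the first packet of any flow, including UDP,
# whereas connection_established only fires after a TCP handshake.
event new_connection(c: connection)
	{
	local proto = get_port_transport_proto(c$id$resp_p);

	if ( proto !in watched_protos )
		return;

	# UDP has no handshake, so the originator address can be spoofed;
	# treat hits on orig_h as lower confidence than hits on resp_h.
	Intel::seen([$host=c$id$orig_h, $conn=c, $where=Conn::IN_ORIG]);
	Intel::seen([$host=c$id$resp_h, $conn=c, $where=Conn::IN_RESP]);
	}
```

Loaded from local.bro next to the stock seen scripts, this logs matches for `Intel::ADDR` indicators to intel.log with the same `Conn::IN_ORIG` and `Conn::IN_RESP` locations that TCP hits carry.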