[Bro] A little more confusion with Intel
Michael Shirk
shirkdog.bsd at gmail.com
Thu Jan 18 10:45:29 PST 2018
Yes this would be a nice to have.
--
Michael Shirk
Daemon Security, Inc.
https://www.daemon-security.com
On Jan 18, 2018 13:37, "Jan Grashöfer" <jan.grashoefer at gmail.com> wrote:
On 18/01/18 19:15, James Lay wrote:
> Ah....Ok thanks again Justin. Seth should I put in a feature request
> for both TLD and UDP for the Intel framework? Thanks.
That's probably something that can be addressed with a package. In
general you can have a look at
https://github.com/bro/bro/tree/master/scripts/policy/frameworks/intel/seen
to get an idea of how the intel framework gathers its information.
Jan
_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180118/5dd0c31f/attachment.html
More information about the Bro
mailing list