[Zeek] Re: how to specify ip address through variables

Palumbo Mauro mauro.palumbo at aizoon.it
Tue Nov 19 07:44:37 PST 2019


Hi Ravi,

For the 1Q, you can easily define variables for IP addresses in Zeek using the type “addr”. However, I don’t think you can do it in a signature file.

For the 2Q, have a look at https://docs.zeek.org/en/stable/scripts/base/utils/exec.zeek.html#id-Exec::run

For the 3Q, I think they use it at CERN in Geneva too.

Mauro

From: zeek-bounces at zeek.org [mailto:zeek-bounces at zeek.org] On behalf of rahul rakesh
Sent: Tuesday, 19 November 2019 13:45
To: zeek at zeek.org
Subject: [Zeek] how to specify ip address through variables

Hi all,

First Question:
------------------
How can I specify the IP address of src-ip/dst-ip <cmp> <address-list>
through a variable like $External_Net, as in Snort signatures?

Suppose the same IP address is there in many signatures. How can I define it in one place?

Second Q
-------------
After an event is generated, how can I call either C++ code or Python code from Bro scripts? If it is possible, can you provide me a link?
(Somewhere I read that through Bro scripts we can call Python or C++ code.)

Third Q
-----------
At which supercomputing facility is Zeek currently used? Is it used at the NERSC center? Just to know that. You can provide me a link also.

Thank you so much.

Ravi
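
The two script-level points in this thread (IP addresses held in typed variables, and an external program started through Exec::run) can be combined as below. This is an added example, not part of the original messages or of the Zeek distribution; the module name, the networks, the watched address and the helper path are assumptions.

```zeek
# Added example. Module name, networks and helper path are assumptions.
@load base/utils/exec

module AddrVars;

export {
	## One place to define the networks, in the spirit of Snort's $EXTERNAL_NET.
	## A site can extend it with: redef AddrVars::home_net += { 198.51.100.0/24 };
	const home_net: set[subnet] = { 10.0.0.0/8, 192.168.0.0/16 } &redef;

	## A single address held in an "addr" variable (documentation-range value).
	const watched_server: addr = 192.0.2.10 &redef;

	## Hypothetical external program (a Python script, a C++ binary, ...).
	const helper = "/usr/local/bin/handle_conn.py" &redef;
}

event connection_established(c: connection)
	{
	local orig = c$id$orig_h;
	local resp = c$id$resp_h;

	# Act only on connections from outside home_net to the watched server.
	if ( orig in home_net || resp != watched_server )
		return;

	# The arguments are addr values rendered by Zeek, not strings taken from
	# traffic. Any string argument should go through safe_shell_quote()
	# first, because the command line is handed to a shell.
	local cmd = Exec::Command($cmd=fmt("%s %s %s", helper, orig, resp));

	# Exec::run is asynchronous and has to be called inside a "when" block.
	# The capture list [cmd, orig] is the syntax of recent Zeek releases;
	# on the 2019-era versions discussed in this thread, omit it.
	when [cmd, orig] ( local res = Exec::run(cmd) )
		{
		if ( res$exit_code != 0 )
			Reporter::warning(fmt("helper failed for %s (exit code %d)",
			                      orig, res$exit_code));
		}
	}
```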

