Description: Analysis scripts for the Bro Intrusion Detection System
Homepage: http://www.bro-ids.org
Clone URL: git://github.com/sethhall/bro_scripts.git
name age message
file COPYING Thu Nov 13 10:45:50 -0800 2008 Following Vern's example and moving copyright i... [sethhall]
file README Thu Jul 03 07:19:52 -0700 2008 Small grammatic changes and fixes for the notices. [Seth Hall]
file dns-ext.bro Tue Apr 07 19:44:58 -0700 2009 Added a new line based dns logging script (dns-... [sethhall]
file enable-ext-logging.bro Thu Oct 29 22:11:25 -0700 2009 Separation of logging from ftp-ext. ftp-ext.bro... [sethhall]
file ftp-ext.bro Mon Nov 16 05:23:21 -0800 2009 Fixed a problem with the command being set inco... [sethhall]
file functions-ext.bro Mon Nov 02 19:28:06 -0800 2009 SSH now uses default_check_threshold Fixed a nu... [sethhall]
file global-ext.bro Thu Oct 29 08:13:30 -0700 2009 Adding the beginning of a logging framework. Th... [sethhall]
file http-ext.bro Wed Nov 04 06:20:14 -0800 2009 Fixed some issues with external data sources in... [sethhall]
file http-identified-files.bro Thu Nov 13 10:45:50 -0800 2008 Following Vern's example and moving copyright i... [sethhall]
file known-services.bro Thu Oct 29 08:13:30 -0700 2009 Adding the beginning of a logging framework. Th... [sethhall]
file logging-ext.bro Tue Nov 03 19:23:07 -0800 2009 Fixed by report from Justin: If "Neither" is ... [sethhall]
file logging.ftp-ext.bro Sun Nov 15 21:29:12 -0800 2009 Fixed some logging issues with ftp-ext Username... [sethhall]
file logging.http-ext.bro Fri Nov 13 12:00:32 -0800 2009 Renamed ssl-known-certs to ssl-ext. *_ext loggi... [sethhall]
file logging.smtp-ext.bro Fri Nov 13 12:00:32 -0800 2009 Renamed ssl-known-certs to ssl-ext. *_ext loggi... [sethhall]
file logging.ssh-ext.bro Fri Nov 13 12:00:32 -0800 2009 Renamed ssl-known-certs to ssl-ext. *_ext loggi... [sethhall]
directory md5_hash_malware/ Tue Apr 07 19:44:58 -0700 2009 Added a new line based dns logging script (dns-... [sethhall]
file smtp-ext-count-rejects.bro Thu Oct 29 13:04:04 -0700 2009 Get rid of some warnings. [sethhall]
file smtp-ext.bro Mon Nov 02 10:38:23 -0800 2009 Bug fixing for crashes and run-time errors. [sethhall]
file ssh-ext.bro Mon Nov 02 19:28:06 -0800 2009 SSH now uses default_check_threshold Fixed a nu... [sethhall]
file ssl-ext.bro Fri Nov 13 12:00:32 -0800 2009 Renamed ssl-known-certs to ssl-ext. *_ext loggi... [sethhall]
file ssn-exposure.bro Thu Oct 15 08:15:35 -0700 2009 Major overhaul to ssh-ext. Logs in the common... [sethhall]
file ssn.sig Thu Apr 16 10:13:32 -0700 2009 Added the SSN exposure detection script and sig... [sethhall]
README
Bro-IDS analysis scripts
========================
Many or all of these scripts will currently require Robin Sommer's branch
of Bro.  

  http://blog.icir.org/2007/12/robins-development-branch.html


ssh-ext.bro
-----------
Whether an SSH connection succeeded is determined by the byte count
returned by the server.  The default is 5500 bytes.  Redef the
authentication_data_size variable to change it (for example to 4k):

    redef SSH::authentication_data_size = 4000;