Analysis scripts for the Bro Intrusion Detection System
Bro Python Shell Standard ML
Switch branches/tags
Nothing to show
Pull request Compare This branch is 144 commits ahead, 35 commits behind sethhall:master.
Latest commit 1705257 Nov 14, 2012 @JustinAzoff fixes
Permalink
Failed to load latest commit information.
testing New script for watching for correct headers and order of those header… Mar 16, 2010
COPYING Updated copyright date. Jan 9, 2010
README http-identified-files.bro and associated scripts renamed to include t… Mar 8, 2010
active-hosts-metrics.bro update for new api Mar 30, 2012
country-metrics.bro update for new api Mar 30, 2012
dump_http.bro fixes Nov 14, 2012
dump_http.sh for dumping http traffic Jun 12, 2012
generate_splunk_configs.py host is a 'reserved' field in splunk Mar 16, 2012
http-ext-block-exe-hosts.bro add www1 to bad domains Apr 29, 2011
http-metrics.bro update for new api Mar 30, 2012
http-mime-metrics.bro update for new api Mar 30, 2012
http-site-metrics.bro reworked Mar 21, 2012
http-size-metrics.bro tweak interval, fix calculation Nov 9, 2011
ipblocker.bro fix ip definition Mar 8, 2012
log-external-dns.bro fix notice suppression Mar 1, 2012
log-external-names.bro fixes and tweaks Mar 1, 2012
log-http-sqli.bro only log incoming Mar 1, 2012
metrics.http-ext.bro stats get written once per worker.. need to fix Nov 17, 2010
metrics.smtp-ext.bro stats get written once per worker.. need to fix Nov 18, 2010
notice.bro.patch n$id is more likely to exist than n$conn Mar 19, 2010
rdp.bro remove RDP namespace, it isn't needed and was breaking signatures Mar 11, 2010
rdp.sig basic rdp policy Oct 30, 2009
rogue-access-points.bro is_local_addr is under Site:: now Nov 14, 2011
simple-clear-passwords.bro cleanups, new features Mar 26, 2010
smtp-ext-count-rejects.bro Get rid of some warnings. Oct 29, 2009
smtp-ext-phish-passwords.bro merge in change used in logging.smtp-ext.bro from seth Mar 11, 2010
ssh-ext-block.bro make scanner client versions configurable Jan 29, 2010
subnet-admins.bro fix the conn_id reference, n$conn doesn't always exist, but n$id will Mar 16, 2010
subnet-helper.bro script to block libssh scanners Jan 28, 2010
tablize script for pretty printing a bro-log Nov 8, 2011
urlsnarf.sh remove extra headers in output Feb 3, 2012

README

Bro-IDS analysis scripts
========================
All of these scripts require Bro 1.5 or greater.