New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

securityonion-bro-scripts: add HASSH #1338

Closed
dougburks opened this Issue Sep 26, 2018 · 4 comments

Comments

Projects
2 participants
@dougburks
Copy link
Contributor

dougburks commented Sep 26, 2018

@weslambert

This comment has been minimized.

Copy link
Collaborator

weslambert commented Oct 29, 2018

From: https://github.com/salesforce/hassh/tree/master/bro

Note that bro currently ( <= v2.5.5) has a bug which reverses the Client/server flag, however the logic in this script reverses and in effect corrects this bug. Therefore once the bro bug is patched, the logic in this script also needs return to the proper form. Failure to update bro and not the script will result in the Server and Client packets being processed incorrectly, in effect swapping around hassh with hassServer.

@dougburks

This comment has been minimized.

Copy link
Contributor

dougburks commented Oct 30, 2018

@dougburks dougburks added this to To do in 16.04.5.6 Dec 17, 2018

@dougburks dougburks moved this from To do to In progress in 16.04.5.6 Dec 31, 2018

@dougburks dougburks changed the title Consider adding HASSH securityonion-bro-scripts: add HASSH Dec 31, 2018

dougburks added a commit to Security-Onion-Solutions/securityonion-bro-scripts that referenced this issue Dec 31, 2018

@dougburks

This comment has been minimized.

Copy link
Contributor

dougburks commented Jan 7, 2019

@dougburks dougburks moved this from In progress to In Testing in 16.04.5.6 Jan 7, 2019

@dougburks

This comment has been minimized.

@dougburks dougburks closed this Jan 9, 2019

16.04.5.6 automation moved this from In Testing to Done Jan 9, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment