Bro script module for detecting malware using domain generation algorithms.
Bro
Switch branches/tags
Nothing to show
Permalink
Failed to load latest commit information.
README.rst
__load__.bro
g01pack.bro
main.bro
utils.bro

README.rst

Domain Generation Algorithm for Bro

Detect domain generation algorithms (DGA) with Bro. The module will regularly generate domains by any implemented algorithms and watch for those domains in DNS queries.

This script only works with Bro 2.1+.

Installation

cd <prefix>/share/bro/site/
git clone git://github.com/sethhall/bro-domain-generation.git
echo "@load bro-domain-generation" >> local.bro

Configuration

There is no particular configuration required.

Output

There is a single notice type generated by this module:

DomainGeneration::Computed_Domain_Detected