Extension for the Intel Framework in Bro 2.3
Bro
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
scripts
testing
LICENSE
README
README.rst
__load__.bro

README.rst

Bro Intel Framework Extensions (Bro v2.4)

These are some extensions for Bro 2.4's Intel framework.

  • The ability to extend the Intel log with the Intel::extend_match event. This also disables the normal intel.log and creates a file named intel_ext.log.
  • The ability to whitelist items with the new intel item field named "whitelist". To use it, create a new intel file with an additional field named "whitelist" using the value "T". That will cause the item to be a whitelisted item and avoid logging it.