Extension for the Intel Framework in Bro 2.3 (deprecated by 2.5!)
scripts
testing
LICENSE
README
README.rst
__load__.bro

README.rst

Bro Intel Framework Extensions (Bro v2.4)

These are some extensions for Bro 2.4's Intel framework.

  • The ability to extend the Intel log with the Intel::extend_match event. This also disables the normal intel.log and creates a file named intel_ext.log.
  • The ability to whitelist items with a new intel item field named "whitelist". To use it, create a new intel file with an additional field named "whitelist" set to the value "T". The item is then treated as whitelisted and is not logged.