brotex

Attempt to implement the core functionality of vortex using bro-code

Tested with Bro 2.3 on SecurityOnion

Look at exec-bro.sh for an example of how to exec bro with these scripts.

ckane@cyberdef-so:~/bro-stream-test$ sudo bro -i eth1 -b -e 'redef Conn::extract_folder = "/nsm/sensor_data/cyberdef-so-eth1/brotex/"; redef Conn::stream_ext = ".smtp"' ./local.bro 2> stderr.log
/nsm/sensor_data/cyberdef-so-eth1/brotex/stream_192.168.6.2:39844-192.168.6.1:25_CaP9x4U9dqufXRWJc_orig.smtp
/nsm/sensor_data/cyberdef-so-eth1/brotex/stream_192.168.6.2:39844-192.168.6.1:25_CaP9x4U9dqufXRWJc_resp.smtp
/nsm/sensor_data/cyberdef-so-eth1/brotex/stream_192.168.6.2:39845-192.168.6.1:25_CbQGo41m9TzqvO7ARf_orig.smtp
/nsm/sensor_data/cyberdef-so-eth1/brotex/stream_192.168.6.2:39845-192.168.6.1:25_CbQGo41m9TzqvO7ARf_resp.smtp
/nsm/sensor_data/cyberdef-so-eth1/brotex/stream_192.168.6.2:39846-192.168.6.1:25_CENHWptqKBXh8F36b_orig.smtp
/nsm/sensor_data/cyberdef-so-eth1/brotex/stream_192.168.6.2:39846-192.168.6.1:25_CENHWptqKBXh8F36b_resp.smtp
/nsm/sensor_data/cyberdef-so-eth1/brotex/stream_192.168.6.2:39847-192.168.6.1:25_C5QHMRcv9ZBWHH3ak_orig.smtp
/nsm/sensor_data/cyberdef-so-eth1/brotex/stream_192.168.6.2:39847-192.168.6.1:25_C5QHMRcv9ZBWHH3ak_resp.smtp

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
LICENSE		LICENSE
README.md		README.md
conn-contents.bro		conn-contents.bro
exec-bro.sh		exec-bro.sh
local.bro		local.bro

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

brotex

About

Releases

Packages

Languages

License

ckane/brotex

Folders and files

Latest commit

History

Repository files navigation

brotex

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages