Adding custom BRO scripts to SO
306 views
Skip to first unread message
namobud...@gmail.com
Feb 12, 2016, 3:32:28 PM2/12/16
to security-onion
I'm wondering how I would setup and use a custom script like:
https://github.com/sethhall/bro-junk-drawer/blob/master/scan_udp.bro
https://github.com/sethhall/bro-junk-drawer/blob/master/scan_udp.bro
In Security Onion. I'm not really expert in bro, so I'm wondering if there is a step-by-step for adding a custom bro script like and does it pop up in Squil or another SO element when it fires?
Thanks!
Doug Burks
Feb 12, 2016, 5:18:43 PM2/12/16
to securit...@googlegroups.com
You can add custom scripts in /opt/bro/share/bro/site/local.bro.
To check and see if the Bro script has fired a Notice, go to ELSA,
click Notice, and then click Top Notice Types.
> --
> You received this message because you are subscribed to the Google Groups "security-onion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
> To post to this group, send email to securit...@googlegroups.com.
> Visit this group at https://groups.google.com/group/security-onion.
> For more options, visit https://groups.google.com/d/optout.
--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com
To check and see if the Bro script has fired a Notice, go to ELSA,
click Notice, and then click Top Notice Types.
> You received this message because you are subscribed to the Google Groups "security-onion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
> To post to this group, send email to securit...@googlegroups.com.
> Visit this group at https://groups.google.com/group/security-onion.
> For more options, visit https://groups.google.com/d/optout.
--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com
Reply all
Reply to author
Forward
0 new messages