add protocol analyzer to bro

Charles_Dillard · September 16, 2020, 4:39pm

Hello, we run bro 2.5 on 300+ CentOS 7 servers.

We want to add

https://docs.zeek.org/en/current/script-reference/proto-analyzers.html#zeek-dce-rpc

and

https://docs.zeek.org/en/current/scripts/base/bif/plugins/Zeek_DCE_RPC.events.bif.zeek.html

base/bif/plugins/Zeek_DCE_RPC.events.bif.zeek — Zeek User Manual v3.2.0
Generated for every DCE-RPC alter context request message. Since RPC offers the ability for a client to request connections to multiple endpoints, this event can occur multiple times for a single RPC message.
docs.zeek.org
|

|

Is this possible on our current platform? If not, what are you recommendations?

Thank-you.

Topic		Replies	Views
[Bro_Configuration]Problem with RPC Analyzer Development development	1	60	May 6, 2022
Requesting some pointers- Adding a new protocol to BRO- Facing problems Zeek	3	59	May 6, 2022
NTP Zeek	1	54	May 6, 2022
Bro DCE-RPC Analyzer Questions Development development	4	118	May 6, 2022
DDS and RTPS protocol analyzer Zeek	1	58	May 6, 2022

add protocol analyzer to bro

Related Topics