add protocol analyzer to bro

Charles_Dillard · September 16, 2020, 4:39pm

Hello, we run bro 2.5 on 300+ CentOS 7 servers.

We want to add

https://docs.zeek.org/en/current/script-reference/proto-analyzers.html#zeek-dce-rpc

and

https://docs.zeek.org/en/current/scripts/base/bif/plugins/Zeek_DCE_RPC.events.bif.zeek.html

base/bif/plugins/Zeek_DCE_RPC.events.bif.zeek — Zeek User Manual v3.2.0
Generated for every DCE-RPC alter context request message. Since RPC offers the ability for a client to request connections to multiple endpoints, this event can occur multiple times for a single RPC message.
docs.zeek.org
|

|

Is this possible on our current platform? If not, what are you recommendations?

Thank-you.

Topic		Replies	Views
Zeek DCE-RPC Analyzer Update Development development	1	130	May 6, 2022
[Bro_Configuration]Problem with RPC Analyzer Development development	1	93	May 6, 2022
LDAP Analyzer Zeek	2	118	May 6, 2022
Writing a Protocol Analyzer Plugin Development development	10	232	May 6, 2022
Requesting some pointers- Adding a new protocol to BRO- Facing problems Zeek	3	73	May 6, 2022

add protocol analyzer to bro

Related topics