Hello guys,
I’ve been working on a project where we have multiple bro rules and it is challenging to manage whitelists for each rule.
I’ve created a bro module that helps managing whitelists for bro scripts in a single file.
More info:
https://github.com/rodrigokroll/zeek_globalwhitelist
I intend to improve capabilities adding CIDR and domain names.
Feedbacks are welcome.