I’m looking at analyzing Bro logs, filtering by an arbitrary CIDR.
Before I go write a Python script that will handle this - I was wondering if something already existed.
As an example -
zcat ssl.12:00:00-13:00:00.log.gz | bro-cut server_name id.orig_h | by_CIDR.py 126.96.36.199/23
I was also contemplating modifying bro-cut to handle this.
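One way to build the by_CIDR.py filter from the pipeline above, written as an added example (not the poster's script and not part of bro-cut). It assumes the input is what bro-cut emits: tab-separated fields in the order named on the command line, with '-' for an unset field, so with `bro-cut server_name id.orig_h` the address is the last field. The sample lines are constructed; the optional 1-based field argument is an assumed convenience, not a bro-cut option.

```python
import ipaddress
import sys
from typing import Iterable, Iterator

# Constructed sample of what `bro-cut server_name id.orig_h` emits:
# tab-separated, fields in the order requested on the command line.
SAMPLE_LINES = [
    "www.example.com\t126.96.36.200",
    "mail.example.net\t126.96.37.14",
    "cdn.example.org\t126.96.38.1",
    "-\t10.0.0.5",
    "login.example.com\t-",      # Bro writes '-' for an unset field
    "v6.example.com\t2001:db8::1",
]


def filter_by_cidr(lines: Iterable[str], cidr: str, column: int = -1) -> Iterator[str]:
    """Yield input lines whose address in `column` (0-based; negative counts
    from the end, so -1 is the last field) falls inside `cidr`.

    Lines with a missing ('-'), absent or unparsable field are dropped, and
    an IPv4 address never matches an IPv6 network or vice versa."""
    # strict=False accepts host bits set in the prefix, e.g. 126.96.36.199/23
    # is normalised to 126.96.36.0/23.
    net = ipaddress.ip_network(cidr, strict=False)
    for line in lines:
        line = line.rstrip("\n")
        if not line or line.startswith("#"):   # skip blank lines and Bro header lines
            continue
        fields = line.split("\t")
        try:
            field = fields[column]
        except IndexError:
            continue
        if field == "-":
            continue
        try:
            addr = ipaddress.ip_address(field)
        except ValueError:                     # not an address (e.g. a hostname column)
            continue
        if addr in net:                        # returns False across IP versions
            yield line


def main(argv=None):
    """CLI: by_CIDR.py CIDR [FIELD]; FIELD is 1-based (assumed convention),
    default is the last field. Reads bro-cut output on stdin."""
    argv = sys.argv[1:] if argv is None else argv
    if not argv:
        sys.exit("usage: by_CIDR.py CIDR [FIELD]")
    cidr = argv[0]
    column = int(argv[1]) - 1 if len(argv) > 1 else -1
    for line in filter_by_cidr(sys.stdin, cidr, column):
        print(line)


if __name__ == "__main__":
    main()
```

Used as `zcat ssl.log.gz | bro-cut server_name id.orig_h | by_CIDR.py 126.96.36.199/23`, this keeps the two sample lines in 126.96.36.0/23 and drops the rest; passing a field number lets the same script filter on id.resp_h or any other address column placed elsewhere in the bro-cut output.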