Has anyone been able to accomplish connecting netcontrol into an ASA firewall? For use with shun?
Hi John,
since the NetControl framework is still rather new, I assume that no one
has done that and that you would have to write your own connectors.
Just to give you a few pointers - if you use the netcontrol broker plugin,
which uses broker to push out the netcontrol rules, you can use the python
API at https://github.com/bro/bro-netcontrol/blob/master/netcontrol/api.py
to get access to the commands without having to do all the python-side
parsing yourself.
https://github.com/bro/bro-netcontrol/blob/master/command-line/command-line.py
is an application that takes that route and uses the broker plugin on the
NetControl side and the python API.
If you need more complex rules that you need to change on the Bro side,
before you push them out via broker or another mechanism, you will
probably need to write your own NetControl plugin; instructions for that
are available at
https://www.bro.org/sphinx-git/frameworks/netcontrol.html#writing-plugins
I hope this helps a bit,
Johanna