Bro Whitelists and Integration

Hi Team,

I am new to Bro and am starting to look at the platform from various detection and policy points of view.

I have the following queries:

  1. How can I add a domain whitelist? In a controlled environment I know which domains are allowed; anything else should trigger an alert or log message. Email would be good as well.

  2. Same as 1, except look for a URL or part of a URL like /?var=32532part (basically any URI).

  3. Software that is not approved should trigger an alert.

  4. Integrate with Cuckoo or a sandbox?

Any scripting guides/videos (paid or free) which can help with the basics and ramp up module script writing?

Thanks for the support and for creating wonderful software.

Regards,

Vijay