Hi Team,
I am new to Bro and am starting to look at the platform from various detection and policy points of view.
I have the following queries:
- How can I add a domain whitelist? In a controlled environment I know which domains are allowed; anything else should trigger an alert or log message; email would be good as well.
- Same as 1, except look for a URL or part of a URL like /?var=32532part (basically any URI).
- Software which is not approved should trigger an alert.
- Integrate with Cuckoo or a sandbox?
Any scripting guides/videos (paid or free) which can help with the basics and can ramp up module script writing?
Thanks for the support and for creating wonderful software.
Regards,
Vijay