Bro Whitelists and Integration

vikrant.nook · November 17, 2015, 10:05am

Hi Team,

I am new to bro and starting to look at platform from various detection and policy point of view.

I have following queries :

How can i add domains Whitelist ,in controlled enviroment i know which domains are allowed anything else Trigger alert or log message/ email would be good as well.
Same as 1 expect look for URL or part of URL like /?var=32532part (basically any URI)
Software which are not approved trigger alert.
Integrate for Cuckoo or sandbox ?

Any scripting guide /videos (paid or free ) which can help in basics and can ramp up modules script writing.

Thanks for support and creating wonderful software.

Regards,

Vijay

Topic		Replies	Views
whitelisting Zeek	11	71	May 6, 2022
General Whitelisting IP's or Domains Zeek	4	54	May 6, 2022
Announcing an Unofficial Bro Script Repository Zeek	7	87	May 6, 2022
dns.bro Development development	8	77	May 6, 2022
Question from a beginner Zeek	2	56	May 6, 2022