event handler in bro

Sir/Ma'am,
I need to write an event handler for when my signature is matched.
Can anyone tell me how to do it?
Thanks

Hello Anshu,

When your signature is matched by a script it raises a signature_match event, as described here:
https://www.bro.org/sphinx-git/scripts/base/bif/event.bif.bro.html#id-signature_match

For a very simple example of this event matching to a specific signature see:
http://try.bro.org/#/trybro/saved/8104

I have just modified the example signature provided in:
https://www.bro.org/sphinx-git/frameworks/signatures.html
to look for the string "youtube" instead of "root" (anywhere in the payload); this way you can run it on the provided http.pcap file to get a match.

Hope that helps,
Michel
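
The signature change and handler described in the reply above, written out as an added example; it is not the code behind the try.bro.org link and not part of the original messages. The file names `youtube.sig` and `handler.bro` and the signature id `youtube-sig` are assumptions chosen for illustration.

```bro
# ---- youtube.sig (signature file; file name is an assumption) ----
# Modeled on the documentation's example signature, with the payload
# pattern changed from "root" to "youtube" (anywhere in the payload).
signature youtube-sig {
    ip-proto == tcp
    dst-port == 80
    payload /.*youtube/
    event "Found youtube!"
}

# ---- handler.bro (script file; file name is an assumption) ----
# Load the signature file so the signature engine evaluates it.
@load-sigs ./youtube.sig

# Raised for every signature whose "event" action fires.
#   state: the matching signature's id (sig_id) and its connection (conn)
#   msg:   the string given after "event" in the signature
#   data:  the payload data that triggered the match (may be empty)
event signature_match(state: signature_state, msg: string, data: string)
    {
    # Every signature raises this same event, so dispatch on the id.
    if ( state$sig_id != "youtube-sig" )
        return;

    local id = state$conn$id;
    print fmt("%s uid=%s %s:%s -> %s:%s from_orig=%s matched_bytes=%d",
              msg, state$conn$uid, id$orig_h, id$orig_p,
              id$resp_h, id$resp_p, state$is_orig, |data|);
    }
```

With the two parts saved as separate files in the same directory, `bro -r http.pcap handler.bro` runs the handler against the capture.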