Help

rahul_rakesh · February 6, 2018, 4:59am

Dear Team,
i am a noob to working with broids need some help with the signature framework
i have created a .sig file as shown in the document-

signature my-first-sig {
    ip-proto == tcp
    dst-port == 80
    payload /.*root/
    event "Found root!"
}

and loading this signature using /base/init-bare.bro using the @load-sig directive

also included /frameworks/signature/main.bro in local.bro script

then running bro using broctl and command deploy

after that sending any packet matching that signature is not creating any signature.log

or notice.log

Please guide me

Regards,

Rahul

Topic		Replies	Views
BRO signature Zeek	2	104	May 6, 2022
BRO SIGNATURE Zeek	1	83	May 6, 2022
signature match script Zeek	4	67	May 6, 2022
Signature example Zeek	1	96	May 6, 2022
BRO signature Zeek	1	47	May 6, 2022

Help

Related Topics