how to use Bro getting 41 features of a connect record

Vern · December 28, 2002, 7:44am

KDD Cup 1999 Data
The author said Bro is modified to generate the 41 features, I
would preciated if someone is kind enough to give me some hints how
to do this. I am sure a event analyser and handler sould added to
Bro, but where, how and when to invoke the event handler.

Presumably, yes, they wrote policy scripts, and perhaps also extended
the event engine. But it seems you should ask the authors directly
to get the details.

Vern

Ashley_Thomas · January 6, 2003, 4:55am

Hi,

I can see that Bro supports HTTP methods - GET, HEAD and POST.
But in between i see entries in weird.log saying -
1041827706.208639 128.61.74.29/2254 > *.*.*.*/http: HTTP_unknown_method

I am using bro 0.7a90 and was wondering if analysis of other methods are being done
with latest version ...?

-Ashley

Topic		Replies	Views
I have some questions about Bro, thanks! Zeek	3	51	May 6, 2022
Bro questions from a rookie Zeek	2	71	May 6, 2022
Question about creating custom conn logs. Zeek	2	54	May 6, 2022
http_request event Zeek	7	87	May 6, 2022
Bro Digest, Vol 101, Issue 4 Zeek	1	52	May 6, 2022

how to use Bro getting 41 features of a connect record

Related Topics