I’ve been wrestling with how to go about learning the Bro scripting language and tried my best to document the process I’m using while trying to solve a Network Forensics Challenge using Bro.
http://ryesecurity.blogspot.com/2012/04/solving-network-forensic-challenges.html
I’m hoping to make it a series of posts to help people new to the scripting language (myself included) who might have the same questions.
I’d welcome any comments or critiques.
Thanks,
Scott