new to bro, a few questions

John_Brown_isFaster · February 5, 2017, 3:20am

Hi, I’m new to Bro and I’m wondering how I can do a couple of things:

I’d like to basically disable all of the various rules and detection stuff.
I’d like to create a simple rule that detects say DNS packets with cpsc.gov in the query or answer

Figure it would be best to start simple and then build up rules (either my own, or others) as I need them. Sort of a K&R “Hello World” approach…

Any specifics would be much appreciated.

Thank you

anthony_kasza1 · February 5, 2017, 10:03pm

You may want to look at Bro’s “bare mode”. It starts Bro without many of Bro’s features.

-AK

Topic		Replies	Views
dns.bro Development development	8	105	May 6, 2022
importing bro rules Zeek	2	78	May 6, 2022
creating bro scripts Zeek	1	93	May 6, 2022
Bro quickstart Zeek	4	90	May 6, 2022
Few questions... Zeek	2	68	May 6, 2022