Hi to All,
Does anybody know how I can get the hot attribute from the connection record structure to be a column in the connection log file, and also the same for the attribute logged_in, which determines if the host is logged in ( 1 ) or not ( 0 )?
To be more clear, I am trying to get a log file from Bro which is similar to the KDD’99 data set.
It has these attributes:
duration, protocol_type, theService, flag (== state in Bro connection record struct), src_bytes, dst_bytes, hot, logged_in,
theCount, srv_count, serror_rate, rerror_rate, srv_rerror_rate,
same_srv_rate, diff_srv_rate, srv_diff_host_rate, dst_host_count, dst_host_srv_count, dst_host_diff_srv_rate, dst_host_same_src_port_rate,
dst_host_serror_rate, dst_host_srv_serror_rate, dst_host_rerror_rate, dst_host_srv_rerror_rate, attack_type and many others
The red attributes are important to me, and natively this dataset is generated by using Bro and another programme.
I would be very grateful if you helped me.
Thanks in advance for your help,
Hassan