Question: How to block a malicious file

I’m trying to write a script that, after checking the hash of a file on VirusTotal, will block it if malicious.
I run a Ruby script that checks the hash against VirusTotal and returns 0 if not malicious and more if not.
I have looked into the documentation but I can’t figure out how to block a file once I know it’s malicious…

Do I need an external tool?


Giorgio Apuzzo

Hello Giorgio,

Since Bro works completely passively, and is not an in-line component, Bro
itself cannot block a file. By the time that Bro can calculate the file
hash, the whole file already will have been transferred to the client who
was downloading it. You can just do after-the-fact reporting.

You could potentially use the NetControl framework (in master, will be
part of 2.5) to block future network connections of the hosts.

I hope this helps,
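
The NetControl approach mentioned in the reply, written out as an added example (not part of the original thread and not one of Bro's shipped scripts). Assumptions: the `malicious_sha1` set holds a constructed placeholder hash standing in for the lookup results, the debug backend only logs rules, and the host blocked is the one that sent the file, for one hour.

```bro
@load base/frameworks/files
@load base/frameworks/netcontrol

# Constructed placeholder value; in practice this set would be filled
# from the results of the external hash lookup.
const malicious_sha1: set[string] = {
	"0000000000000000000000000000000000000000",
} &redef;

# Assumed block duration for this example.
const block_duration = 1hr &redef;

event NetControl::init()
	{
	# The debug plugin only logs the rules it receives. Activate a real
	# backend here to have the rules enforced on the network.
	local debug_plugin = NetControl::create_debug(T);
	NetControl::activate(debug_plugin, 0);
	}

event file_new(f: fa_file)
	{
	# Ask the files framework to compute a SHA1 for every file seen.
	Files::add_analyzer(f, Files::ANALYZER_SHA1);
	}

event file_hash(f: fa_file, kind: string, hash: string)
	{
	if ( kind != "sha1" || hash !in malicious_sha1 )
		return;

	if ( ! f?$conns || ! f?$is_orig )
		return;

	# The file has already reached the client at this point; the rule
	# only affects later connections of the sending host.
	for ( cid in f$conns )
		{
		local sender = f$is_orig ? cid$orig_h : cid$resp_h;
		NetControl::drop_address(sender, block_duration,
		                         fmt("malicious file %s", hash));
		}
	}
```

With the debug backend, the resulting rules appear in netcontrol.log without any traffic being dropped.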