Hello,
My name is Milandon, I work for Dissect Cyber part time. I am looking
to work with Time Machine and Bro, but I need some help. I am not
terribly well versed in Bro script, but I have been learning. One of my
main goals is to set up Bro and Time Machine to log entire streams when
a specific value in the Bro log matches a criterion. In this case, I am
attempting to use Time Machine to capture pcaps when Bro detects a
connection that originated from outside the network (using the
field that labels connections with T or F).
Can someone please point me in the right direction? The guys and girls
on #Bro were nice and helpful, but Time Machine isn't their strength.
One guy, Justin AZ(?), pointed me to Bro 1.5, which has Bro scripts for
Time Machine, but I do not know what I need to add or rewrite to get
it to work the way I want.
I am also interested in using Time Machine for other tasks, but those
are in the future, and I would like to tackle one thing at a time if
possible.
Please feel free to contact me via email at layer3@dissectcyber.com.
Or if you want to chat just let me know. Also, if you need more
information, don't hesitate to ask!
Thanks for your time,
Milandon
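The selection step the post describes (pick out conn.log records whose local_orig field is F, then ask Time Machine for the full stream of each) can be prototyped outside Bro against the log itself. The following is an added example and is not code from the original post, from Bro, or from Time Machine. It assumes a Bro 2.x-style tab-separated ASCII conn.log with a "#fields" header (the Bro 1.5 conn.log layout is different, so the header-driven parser would need adjusting there); the sample log lines are constructed for the demo, and the "query to_file ... index conn4 ..." text it emits is my recollection of Time Machine's query form and should be checked against the query syntax of the Time Machine build actually in use.

```python
# Added example, not code from the original post or from the Bro / Time Machine
# projects. Assumes a Bro 2.x-style tab-separated conn.log with a "#fields"
# header; the sample log below is constructed. The Time Machine query string is
# an assumed form: verify it against your Time Machine version's query syntax.

SAMPLE_CONN_LOG = """\
#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tconn_state\tlocal_orig
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tstring\tbool
1393000001.000000\tCabc1\t192.168.1.10\t51234\t93.184.216.34\t80\ttcp\thttp\tSF\tT
1393000002.000000\tCabc2\t203.0.113.7\t40001\t192.168.1.20\t22\ttcp\tssh\tS0\tF
1393000003.000000\tCabc3\t198.51.100.9\t53\t192.168.1.10\t5353\tudp\tdns\tSF\tF
1393000004.000000\tCabc4\t10.0.0.5\t1234\t10.0.0.6\t443\ttcp\tssl\tSF\t-
"""


def parse_conn_log(text):
    """Yield one dict per conn.log record, keyed by the #fields header names.

    Comment/metadata lines (#separator, #types, ...) are skipped; the #fields
    line defines the column names so the parser does not depend on a fixed
    column order.
    """
    fields = None
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("conn.log record seen before the #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("record has %d columns, header has %d"
                             % (len(values), len(fields)))
        yield dict(zip(fields, values))


def external_origin(records):
    """Return the records whose originator was outside the local networks.

    Bro writes local_orig as T (originator is local), F (originator is not
    local) or '-' (unset, e.g. Site::local_nets not configured). Only an
    explicit F counts as externally originated; '-' is deliberately not
    treated as F so an unconfigured Site::local_nets does not flag everything.
    """
    return [r for r in records if r.get("local_orig") == "F"]


def tm_query(rec, out_file):
    """Build a Time Machine query for one connection's 4-tuple.

    ASSUMED syntax: 'query to_file "<file>" index conn4 "<proto> a:p b:p"'.
    Check this against the query language of your Time Machine build.
    """
    return 'query to_file "%s" index conn4 "%s %s:%s %s:%s"' % (
        out_file, rec["proto"],
        rec["id.orig_h"], rec["id.orig_p"],
        rec["id.resp_h"], rec["id.resp_p"])


def queries_for_log(text):
    """Map the whole log to one Time Machine query per externally originated flow."""
    hits = external_origin(parse_conn_log(text))
    return [tm_query(r, "%s.pcap" % r["uid"]) for r in hits]


if __name__ == "__main__":
    for q in queries_for_log(SAMPLE_CONN_LOG):
        print(q)
```

Running it prints one query for the SSH connection from 203.0.113.7 and one for the DNS traffic from 198.51.100.9; the local HTTP flow (T) and the unset flow (-) are left alone. In a live setup the same decision would be made inside Bro at connection-state time and the query handed to Time Machine there, but the filter condition is the same one this script applies.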