Brian Little created BIT-1167:
---------------------------------
Summary: Add subnet support to intel framework
Key: BIT-1167
URL: https://bro-tracker.atlassian.net/browse/BIT-1167
Project: Bro Issue Tracker
Issue Type: Patch
Components: Bro
Affects Versions: 2.2
Reporter: Brian Little
Priority: Low
Attachments: bro-intel-subnet.patch
Here is a patch to add Intel::NET data as a type to search on. This allows
adding whole subnets to the intel data rather than just individual addresses.
I have also updated the btest.
I'm not sure if the lookup is the best way of doing it - currently if loops
through each subnet and then checks if the host is part of each. Is it possible
to do it in a more efficient way?
--
This message was sent by Atlassian JIRA
(v6.2-OD-10-004-WN#6253)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
