a bro script case study
play

A Bro Script Case Study Bro Workshop 2011 NCSA, Urbana-Champaign, - PowerPoint PPT Presentation

May 05, 2023 •299 likes •480 views

A Bro Script Case Study Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 No deep detail now, just enough to understand basic constructs. Important to focus on script structure and data flow. Bro Workshop 2011 2 Script

  1. A Bro Script Case Study Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011

  2. • No deep detail now, just enough to understand basic constructs. • Important to focus on script structure and data flow. Bro Workshop 2011 2

  3. Script layout changes in 2.0 Bro Workshop 2011 3

  4. Important script directories. Found at: <prefix>/share/bro/ Bro Workshop 2011 4

  5. base/ directory • Everything is loaded by default. • Possible to disable with a Bro command line argument, but not recommended. • The scripts are only meant to enable analyzers, collect state, generate protocol logs, and provide reusable frameworks and function libraries. • base/ is not in the default $BROPATH! Bro Workshop 2011 5

  6. policy/ directory • Nothing here is loaded by default. • This is where many of the detections that Bro does out of the box take place. • Almost any functionality that doesn ʼ t fit into base/ goes here. Bro Workshop 2011 6

  7. site/ directory • This is where local configuration goes. • Files are not overwritten during installation. • We include a “suggested” configuration in site/ local.bro • It ʼ s mostly just a long list of @load statements. Bro Workshop 2011 7

  8. SSL Base Scripts Bro Workshop 2011 8

  9. Quick aside about module layout • __load__.bro is an auto load file. We can now load directories. • main.bro is a convention we use for consistency. There is no special __load__.bro language support for it. Found at: <prefix>/share/bro/base/protocols/ Bro Workshop 2011 9

  10. Create the skeleton

  11. Define the log

  12. Create a helper function

  13. SSL Client Hello

  14. SSL Server Hello

  15. Certificates

  16. server_name extension

  17. Finish the log

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Arabic Script Variant Issues for TLDs Arabic Case Study Team Arabic Case Study Team

Arabic Script Variant Issues for TLDs Arabic Case Study Team Arabic Case Study Team

Arabic Script Variant Issues for TLDs Arabic Case Study Team Arabic Case Study Team Isolated final medial initial 2 Not all PVALID

478 views • 13 slides
Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has innovation helped to produce a cost effective remedial design? Challenging contaminant profile Taken a traditional / well understood remedial

910 views • 4 slides
The VIP Study of the Latin Script Cary Karp ck@nrm.museum The Latin alphabet is used in the

The VIP Study of the Latin Script Cary Karp ck@nrm.museum The Latin alphabet is used in the

IDN Variant Issues Project ICANN Dakar, 24 October 2011 The VIP Study of the Latin Script Cary Karp ck@nrm.museum The Latin alphabet is used in the writing systems of more languages than is any other single script. a b c d e f g h i j k l

626 views • 20 slides
Case Study A Case fo r Use in Addic tio n Re se arc h De re k Quig le y Unive rsity o f Auc

Case Study A Case fo r Use in Addic tio n Re se arc h De re k Quig le y Unive rsity o f Auc

Case Study A Case fo r Use in Addic tio n Re se arc h De re k Quig le y Unive rsity o f Auc kland What We ll Co ve r T o day T he L ig htbulb Mo me nt My Ph.D Case Study Case Study Charac te ristic s Case Study Stre

424 views • 10 slides
Class Unity scripts Rotate cube script Counter + collision script Sound script

Class Unity scripts Rotate cube script Counter + collision script Sound script

Class Unity scripts Rotate cube script Counter + collision script Sound script Materials script / mouse button input Add Force script Key and Button input script Particle script / button input Instantiate

603 views • 14 slides
2.7 Case Study: Floorplan Optimization Our second case study is an example of a highly irregular,

2.7 Case Study: Floorplan Optimization Our second case study is an example of a highly irregular,

2.7 Case Study: Floorplan Optimization Page 1 of 7 2.7 Case Study: Floorplan Optimization Our second case study is an example of a highly irregular, symbolic problem. The solution that we develop incorporates a task scheduling algorithm. 2.7.1

259 views • 7 slides
Ricardo Semler Case Study Briefing Advance notice: Leading Change Case Study Please read the

Ricardo Semler Case Study Briefing Advance notice: Leading Change Case Study Please read the

Ricardo Semler Case Study Briefing Advance notice: Leading Change Case Study Please read the Case Study found in the Assignment section of M005 and be ready to present your findings in a formal presentation in week 11. Each team member

319 views • 6 slides
ASSESSMENTS I Introduction II Case Study #1 III - Case Study #2 REACH Introduction

ASSESSMENTS I Introduction II Case Study #1 III - Case Study #2 REACH Introduction

INTER AGENCY SHELTER CLUSTER ASSESSMENTS I Introduction II Case Study #1 III - Case Study #2 REACH Introduction Most clusters (including shelter) used to inform sectoral planning without a capacity to effectively collect, analyze and

520 views • 15 slides
Case Study Marlysa Sullivan: msullivan1@muih.edu Introduction This is a case study of a woman

Case Study Marlysa Sullivan: msullivan1@muih.edu Introduction This is a case study of a woman

Case Study Marlysa Sullivan: msullivan1@muih.edu Introduction This is a case study of a woman who has a primary complaint of back pain with secondary complaints of migraines, anxiety, difficulty with sleep. Yoga Therapy has decreased her

576 views • 19 slides
DCK DCK Cons Constructi truction on Case Case Study Study #1 #1 Background: Formed in 2008,

DCK DCK Cons Constructi truction on Case Case Study Study #1 #1 Background: Formed in 2008,

DCK DCK Cons Constructi truction on Case Case Study Study #1 #1 Background: Formed in 2008, DCK is the largest construction/ general contractor company in the Pittsburgh, PA region Industries served by DCK include hospitality, timeshare,

98 views • 7 slides
1 Urbanization projects in BIM 3 3. CASE STUDY 4 3. CASE STUDY 5 4. VALIDATION OF THE

1 Urbanization projects in BIM 3 3. CASE STUDY 4 3. CASE STUDY 5 4. VALIDATION OF THE

1 Urbanization projects in BIM 3 3. CASE STUDY 4 3. CASE STUDY 5 4. VALIDATION OF THE METHODOLOGY Results analysis. Element definition Environmental impact Budget Unit Description (t CO2eq/Unit) (m3/Unit) MJ/Unit EUR/Unit The

639 views • 24 slides
Outline Overview VR Tour VR Tour Entities Luiz Velho Tour Script IMPA Tour

Outline Overview VR Tour VR Tour Entities Luiz Velho Tour Script IMPA Tour

Outline Overview VR Tour VR Tour Entities Luiz Velho Tour Script IMPA Tour Experience Case Study VR Tour Concepts Meta-Narrative &quot;Guided Participatory Meta-Narrative Narrative-Based Content For Virtual

618 views • 7 slides
A Link Between Environmental Injustice and COVID- 19: A Case Study of Chicago and Milwaukee CASE

A Link Between Environmental Injustice and COVID- 19: A Case Study of Chicago and Milwaukee CASE

A Link Between Environmental Injustice and COVID- 19: A Case Study of Chicago and Milwaukee CASE Fellow: Hannah Bacon CASE Mentor: Dr. Connie Mixon, PhD, MPA Elmhurst University Research focus: This study examines the correlation between

167 views • 15 slides
Case Study Presentation to Utility Districts April 8-9, 2013 Cypress Creek Greenway Case Study

Case Study Presentation to Utility Districts April 8-9, 2013 Cypress Creek Greenway Case Study

Cypress Creek Greenway Case Study Presentation to Utility Districts April 8-9, 2013 Cypress Creek Greenway Case Study Case Study: What and Why? Part of Houston- Galveston Area Councils Regional Plan for Sustainable Development One

595 views • 31 slides
CASE STUDY Solution CASE STUDY Solution 1/8 Main characteristics: A multi site ITN of 8

CASE STUDY Solution CASE STUDY Solution 1/8 Main characteristics: A multi site ITN of 8

CASE STUDY Solution CASE STUDY Solution 1/8 Main characteristics: A multi site ITN of 8 partners (coordinated by the organisation KIWI) proposes to provide: initial training of 36 months to 11 ESRs (total 396 person months) and

345 views • 10 slides
Case Management Best P r actice Case Management regulations. Case Study. Community

Case Management Best P r actice Case Management regulations. Case Study. Community

Case Management Best P r actice Case Management regulations. Case Study. Community Links Wollondilly and the Case Work Team LEGISLATION AGENCY STANDARDS PROFESSIONAL STANDARDS CMSA STANDARDS STRENGTH BASED APPROACH PERSON

472 views • 25 slides
WEB COMMUNITY Web Community Changes, UVU Annual Web Audit, New Directory/Profile System January

WEB COMMUNITY Web Community Changes, UVU Annual Web Audit, New Directory/Profile System January

WEB COMMUNITY Web Community Changes, UVU Annual Web Audit, New Directory/Profile System January 25, 2019 Our Agenda Today Adjustments to Web Community UVU annual Website Audit details and instructions New Directory/Profile system

523 views • 14 slides
A4: Insecure Direct Object References A4 Insecure Direct Object References General

A4: Insecure Direct Object References A4 Insecure Direct Object References General

A4: Insecure Direct Object References A4 Insecure Direct Object References General problem: Unrestricted Access A4: Data not properly protected A7: Functions not properly protected Examples Presentation-layer access control

506 views • 27 slides
Session Announcement Proto col Colin P erkins &lt; c.p erkins@cs.ucl.ac.uk &gt; Depa rtment

Session Announcement Proto col Colin P erkins &lt; c.p erkins@cs.ucl.ac.uk &gt; Depa rtment

Session Announcement Proto col Colin P erkins &lt; c.p erkins@cs.ucl.ac.uk &gt; Depa rtment of Computer Science Universit y College London Go w er Street London W C1E 6BT The new SAP draft The current sp ec

636 views • 14 slides
CSCI 350 Pintos Intro Mark Redekopp 2 Resources Pintos Resources

CSCI 350 Pintos Intro Mark Redekopp 2 Resources Pintos Resources

1 CSCI 350 Pintos Intro Mark Redekopp 2 Resources Pintos Resources https://web.stanford.edu/class/cs140/projects/pintos/pintos.html#SEC_Top Skip Stanford related setup in section 1.1 and 1.1.1

376 views • 16 slides
File Systems Storing Information Applications can store it in the process address space

File Systems Storing Information Applications can store it in the process address space

File Systems Storing Information Applications can store it in the process address space Why is it a bad idea? Size is limited to size of virtual address space May not be sufficient for airline reservations, banking, etc. The

1.07k views • 69 slides
Distributed Systems Distributed File Systems Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Distributed File Systems Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Distributed File Systems Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Page 1 Page 1 Distributed File

1.56k views • 109 slides
Review 2 Summer 2013 Cornell University 1 Today File System Storage Networking

Review 2 Summer 2013 Cornell University 1 Today File System Storage Networking

CS 4410 Operating Systems Review 2 Summer 2013 Cornell University 1 Today File System Storage Networking Security 2 File-System Interface Files Logical storage unit Independent entity Attributes

501 views • 12 slides
Previous Lecture Slides for Lecture 23 ENCM 501: Principles of Computer Architecture Winter 2014

Previous Lecture Slides for Lecture 23 ENCM 501: Principles of Computer Architecture Winter 2014

slide 2/19 ENCM 501 W14 Slides for Lecture 23 Previous Lecture Slides for Lecture 23 ENCM 501: Principles of Computer Architecture Winter 2014 Term Steve Norman, PhD, PEng introduction to cache coherency protocols Electrical &amp;

557 views • 4 slides

More recommend