Ah, ok...Well, sounds like it's time for me to try out that external
command script you've mentioned... :)
On Mon, Feb 25, 2013 at 3:57 PM, Seth Hall <seth(a)icir.org> wrote:
On Feb 24, 2013, at 10:08 PM, Jesse Bowling <jessebowling(a)gmail.com>
Similar to how Bro implements the detect-MHR
script, I'd like to do a
lookup against a REST API for hashes on
executables...I can do it easily
enough in python but...How can I do it in Bro?
No, not yet. I'm hoping that for 2.2 we can get some form of active HTTP
into Bro. I have something implemented in my junk drawer repository
already, but it needs a bug fix that hasn't been merged into master yet.
International Computer Science Institute
(Bro) because everyone has a network