CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 02:02:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Bro Module - disable some policies and enable JA3

Browse Source
This commit is contained in:
Mike Reeves
2018-09-20 13:53:24 -04:00
parent c9b7786baf
commit b1535ce9f5
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
salt/bro/files/local.bro
View File

@@ -107,13 +107,13 @@
###################################### ######################################
# Add the interface to the log event # Add the interface to the log event
@load securityonion/add-interface-to-logs.bro #@load securityonion/add-interface-to-logs.bro
# Add Sensor Name to the conn.log # Add Sensor Name to the conn.log
@load securityonion/conn-add-sensorname.bro #@load securityonion/conn-add-sensorname.bro
# File Extraction # File Extraction
@load securityonion/file-extraction #@load securityonion/file-extraction
# Intel from Mandiant APT1 Report # Intel from Mandiant APT1 Report
#@load securityonion/apt1 #@load securityonion/apt1
@@ -121,6 +121,9 @@
# ShellShock - detects successful exploitation of Bash vulnerability CVE-2014-6271 # ShellShock - detects successful exploitation of Bash vulnerability CVE-2014-6271
#@load securityonion/shellshock #@load securityonion/shellshock
# JA3 - SSL Detection Goodness
@load policy/ja3
############################# #############################
## End SO Scripts Section ## ## End SO Scripts Section ##
############################# #############################