CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 10:12:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Bro Module - disable some policies and enable JA3

Browse Source
This commit is contained in:
Mike Reeves
2018-09-20 13:53:24 -04:00
parent c9b7786baf
commit b1535ce9f5
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
salt/bro/files/local.bro
View File

@@ -107,13 +107,13 @@
######################################
# Add the interface to the log event
@load securityonion/add-interface-to-logs.bro
#@load securityonion/add-interface-to-logs.bro
# Add Sensor Name to the conn.log
@load securityonion/conn-add-sensorname.bro
#@load securityonion/conn-add-sensorname.bro
# File Extraction
@load securityonion/file-extraction
#@load securityonion/file-extraction
# Intel from Mandiant APT1 Report
#@load securityonion/apt1
@@ -121,6 +121,9 @@
# ShellShock - detects successful exploitation of Bash vulnerability CVE-2014-6271
#@load securityonion/shellshock
# JA3 - SSL Detection Goodness
@load policy/ja3
#############################
## End SO Scripts Section ##
#############################