Using the Bro Intel Framework

Task Description

Use all of the Indicators of Compromise (IOC) you identified in Week 4 (from the malware-traffic-analysis.net pcaps) to build an intel feed for Bro. Follow the instructions provided here: https://docs.zeek.org/en/current/frameworks/intel.html

You will edit /opt/bro/share/bro/site/local.bro to include these lines:

    redef Intel::read_files += { "/somewhere/yourdata.txt" };
    @load policy/frameworks/intel/seen

If it's not already clear, "/somewhere/yourdata.txt" will need to be changed to point to the actual file you create with the indicators from Week 4. The meta.do_notice and meta.if_in fields used below are defined by policy/frameworks/intel/do_notice; if your local.bro does not already load that script, add @load policy/frameworks/intel/do_notice as well.

Then, using the meta.if_in and meta.do_notice fields, modify your intel data file so that a notice is generated only when one of the domains is seen in HTTP(S) traffic. If any of the rest of the indicators are seen in the traffic, only an entry in the intel.log file should be generated.

Hint: if you're not seeing a notice.log file, look at the intel.log file and check the "seen.where" field. A domain that is only resolved shows up as DNS::IN_REQUEST, not HTTP::IN_HOST_HEADER, and only a hit in the location named in meta.if_in raises the notice; every other hit is still recorded in intel.log.

Important: the intel data file must have the first line in the following format, with each field separated by one and only one TAB. Each line must contain one indicator, with all fields tab-separated. The meta.source column is required by the Intel framework; use "-" for an optional field you leave unset.

    #fields	indicator	indicator_type	meta.source	meta.desc	etc	etc	etc

This site has an example that might help: https://old.zeek.org/current/exercises/intel/index.html

Deliverable

Process the two pcaps from Week 4 (malware-traffic-analysis.net) using the new Bro configuration and intel framework. Submit a single report in MS Word format including the contents of your intel data file, the contents of the resulting intel.log and notice.log files, and a few paragraphs describing your process and the value or utility of this capability.
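Because a single stray space or double TAB in the data file makes the Input framework silently skip or misparse indicators, it pays to check the file before pointing Intel::read_files at it. The script below is an added example, not part of the assignment or of Bro's own scripts: it parses an intel data file with the strict one-TAB format, verifies the required columns and the meta.do_notice / meta.if_in values, and lists which rows will raise a notice. SAMPLE_INTEL is constructed data (bad.example, 192.0.2.10 and the MD5 value are placeholders to be replaced by the Week 4 indicators), and parse_intel_file and notice_rows are helpers written for this example. The sample also shows how to cover HTTPS: the same domain is listed twice with different meta.source values, once for the HTTP Host header and once for the TLS SNI (SSL::IN_SERVER_NAME), since one row carries only one meta.if_in.

```python
"""Sanity-check a Bro/Zeek intel data file before feeding it to Intel::read_files.

Added example; not part of the course assignment or of Bro. Enforces the format the
assignment insists on (a '#fields' header, exactly one TAB between fields, one indicator
per line) and checks the meta.do_notice / meta.if_in columns that decide whether a hit
produces a notice or only an intel.log entry.
"""

# meta.source is mandatory in Intel::MetaData; indicator and indicator_type always are.
REQUIRED = ("indicator", "indicator_type", "meta.source")

# Intel::Type values an indicator_type column may carry (core set; Zeek adds a few more).
INDICATOR_TYPES = {
    "Intel::ADDR", "Intel::URL", "Intel::SOFTWARE", "Intel::EMAIL", "Intel::DOMAIN",
    "Intel::USER_NAME", "Intel::CERT_HASH", "Intel::FILE_HASH", "Intel::FILE_NAME",
}

# Intel::Where values relevant here. A hit anywhere else than meta.if_in still lands in
# intel.log (that is what the 'seen.where' column records) but raises no notice.
WHERE_VALUES = {
    "HTTP::IN_HOST_HEADER", "HTTP::IN_URL", "HTTP::IN_REFERRER_HEADER",
    "SSL::IN_SERVER_NAME", "X509::IN_CERT", "DNS::IN_REQUEST", "DNS::IN_RESPONSE",
    "Conn::IN_ORIG", "Conn::IN_RESP", "Files::IN_HASH", "Files::IN_NAME",
}

# Constructed sample file; names and values are placeholders, not real indicators.
SAMPLE_INTEL = "\n".join([
    "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc\tmeta.url\tmeta.do_notice\tmeta.if_in",
    # Domain seen as an HTTP Host header -> notice. A second row with a different
    # meta.source covers HTTPS, where Bro sees the domain as the TLS SNI instead.
    "bad.example\tIntel::DOMAIN\tweek4-http\tC2 domain from week 4 pcap\t-\tT\tHTTP::IN_HOST_HEADER",
    "bad.example\tIntel::DOMAIN\tweek4-tls\tC2 domain from week 4 pcap\t-\tT\tSSL::IN_SERVER_NAME",
    # Everything else: intel.log entry only (do_notice=F, if_in unset written as '-').
    "192.0.2.10\tIntel::ADDR\tweek4\tC2 server\t-\tF\t-",
    "d41d8cd98f00b204e9800998ecf8427e\tIntel::FILE_HASH\tweek4\tdropper md5 (placeholder)\t-\tF\t-",
    "",
])


def parse_intel_file(text):
    """Parse intel data text into a list of row dicts; raise ValueError on format errors."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("#fields\t"):
        raise ValueError("first line must be '#fields' followed by a single TAB")
    fields = lines[0].split("\t")[1:]
    missing = [f for f in REQUIRED if f not in fields]
    if missing:
        raise ValueError("header lacks required column(s): %s" % ", ".join(missing))
    rows = []
    for lineno, line in enumerate(lines[1:], start=2):
        if not line.strip():
            continue
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("line %d: expected %d tab-separated fields, got %d"
                             % (lineno, len(fields), len(values)))
        if "" in values:
            raise ValueError("line %d: empty field (double TAB?); use '-' for unset" % lineno)
        row = dict(zip(fields, values))
        if row["indicator_type"] not in INDICATOR_TYPES:
            raise ValueError("line %d: unknown indicator_type %r" % (lineno, row["indicator_type"]))
        if row.get("meta.do_notice", "F") not in ("T", "F"):
            raise ValueError("line %d: meta.do_notice must be T or F" % lineno)
        if_in = row.get("meta.if_in", "-")
        if if_in != "-" and if_in not in WHERE_VALUES:
            raise ValueError("line %d: unknown meta.if_in %r" % (lineno, if_in))
        rows.append(row)
    return rows


def notice_rows(rows):
    """Return (indicator, where) pairs that will raise Intel::Notice. Mirrors
    policy/frameworks/intel/do_notice: do_notice must be T, and the hit location must
    equal meta.if_in ('-' means any location)."""
    return [(r["indicator"], r.get("meta.if_in", "-"))
            for r in rows if r.get("meta.do_notice") == "T"]


if __name__ == "__main__":
    for indicator, where in notice_rows(parse_intel_file(SAMPLE_INTEL)):
        print("notice on %s seen in %s" % (indicator, where))
```

Run it against your own file with parse_intel_file(open(path).read()) before running Bro on the two pcaps; if notice_rows lists only the domain rows with HTTP::IN_HOST_HEADER and SSL::IN_SERVER_NAME, the file matches what the task asks for.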
