Matt Domko

icon location Infosec Nerd and Instructor. Most of my code looks like lego's haphazardly put together, but it solves my problems... Maybe it will be helpful to you.

Results 6 issues of Matt Domko

Feature Request: Recon Mode

1 comment

Many of the modules make changes to the AWS account (as per the wiki)... Although it SHOULD be assumed that no one will use this without RTFM.... It might be...

enhancement

Baseline.bro modifications

Script is currently edited in ./etc before copy to bro directory. Make changes in memory or at the dest, not in the source file. Prevents reinstall issues

Netflow collection

Not everyone has a flow collector, and there are py modules for it. Add this in the future.

Netflow record support

Add support for parsing flow records in common formats to generate rules/PPSMs. I need sample data for this one.

Support for custom comments

May need to rewrite how rules are read/written. Consider nested tables.... But allow for a C option at y/n time to add custom comments

Support for IPv6

Might be easy:: add 2x new functions: one that checks if address is IPv6, and one that creates /128 rules by default