mavam/dns-lookup.bro

Created November 2, 2012 22:59

Star 0 You must be signed in to star a gist
Fork 0 You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/mavam/4004865.js"></script>
Save mavam/4004865 to your computer and use it in GitHub Desktop.

Download ZIP

DNS lookup in Bro using the when statement

Raw

dns-lookup.bro

	when (local result = lookup_addr("www.bro-ids.org"))
	{
	for (addr in result)
	print addr;
	}

jbaggs commented Jun 19, 2018 •

edited

The lookup_addr function takes an ip address as its argument, and performs a reverse-dns lookup. The function used here should be lookup_hostname.

https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-lookup_hostname

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment