scripting:introbro
Differences
This shows you the differences between two versions of the page.
scripting:introbro [2018/09/28 19:19] – [Two scripting pipelines in Trisul] veera | scripting:introbro [2018/09/28 19:32] – [Two scripting pipelines in Trisul] veera | ||
---|---|---|---|
Line 27: | Line 27: | ||
^ Feature ^ Bro ^ Trisul ^ | ^ Feature ^ Bro ^ Trisul ^ | ||
|language | .bro language | LuaJIT | |language | .bro language | LuaJIT | ||
- | |protocol decoding | Bro framework provides fine grained events representing protocol fields to your script. | + | |docs|[[https:// |
+ | |protocol decoding | Bro framework provides fine grained events representing protocol fields to your script. | ||
|events | fine grained " | |events | fine grained " | ||
|extending | you can write C code and integrate it to your Bro scripting using a *.bif file. This involves a binary compile process |leverages LuaJIT FFI to directly call library functions | | |extending | you can write C code and integrate it to your Bro scripting using a *.bif file. This involves a binary compile process |leverages LuaJIT FFI to directly call library functions | | ||
Line 35: | Line 36: | ||
|threading|single with load balanced workers | multithreaded with load balanced threads, this allows for very fast state sharing between multiple threads using message passing. During development and debugging you can turn it into a single threaded system | | |threading|single with load balanced workers | multithreaded with load balanced threads, this allows for very fast state sharing between multiple threads using message passing. During development and debugging you can turn it into a single threaded system | | ||
|async|yes|yes - you can have a deferred execution of a LUA code block| | |async|yes|yes - you can have a deferred execution of a LUA code block| | ||
- | |intel|intel framework|Essentially we use a LevelDB library via FFI to dump all the Intel items and use that to lookup | + | |intel|intel framework|you can choose your own framework. We like to dump all threat |
|packaging|Yes - Bro packages| Yes - Trisul APPs | | |packaging|Yes - Bro packages| Yes - Trisul APPs | | ||
- | |example|JA3 TLS Fingerprint written [[ https:// | + | |example|JA3 TLS Fingerprint written [[ https:// |
- | |docs|[[https:// | + | |disadvantage| - | LuaJIT has a 2GB limit on total memory use, therefore your scripts |
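Review bot: The new disadvantage row gives the LuaJIT 2GB limit as a limit on "total memory use" without saying what counts toward it. The extending row of the same table says scripts call library functions through LuaJIT FFI, and the removed intel text described a LevelDB library reached that way, so the row should state whether memory held by such libraries is included or only memory allocated by the Lua scripts themselves. The Bro cell is left as "-", which can be read as "no disadvantages" rather than "not applicable"; a short entry or "n/a" would be clearer.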
Line 56: | Line 57: | ||
+ | To conclude, this was a quick introduction to Trisul scripting. We will be diving deeper into each of the areas in the coming days. |
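Review bot: The added closing sentence promises deeper coverage "in the coming days", which dates the page as soon as the revision is saved. Suggest linking to the follow-up pages once they exist, or rewording to something that does not depend on when the page is read, such as "Each of these areas is covered in more detail in its own page."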
scripting/introbro.txt · Last modified: 2018/09/28 23:18 by veera