[Bro-Dev] Book outline
Robin Sommer
robin at icir.org
Fri Oct 1 08:33:34 PDT 2010
Below's a first shot at a chapter outline. This is clearly not
perfect yet, but let me know what you think. In particular, what's
missing?
Robin
--------- cut -------------------------------------------------------
1. Introduction
   Philosophy (aka "Bro is not Snort")
   Features

2. Getting Started
   System Requirements
   Installing Bro
   Running Bro from the Command Line
   Using Bro Control

3. Using Bro
   Understanding Bro's Output
      Notices and Alarms
      Activity Logs
      Weird Activity
   Customizing Scripts
      Building a Site Policy
      Notice Policy
      Tuning
   Standard Policy Files
      <The most important ones>
   Behind the Curtain:
      Capture Filters
      Dynamic Protocol Detection
      Log Rotation and Post-Processing
      Active Response
      Offline Analysis
      System Tuning

4. Writing Bro Scripts
   Language Overview
   Event Handlers
   State Management
   Inter-Bro Communication
   Signatures
   Profiling and Debugging

5. Scripting Idioms/Patterns
   TODO: Collect.

6. Bro Control

7. Operating a Bro Cluster

8. Interfacing with the External World
   Broccoli
   Time Machine

9. Bro in Operation
   <Tie things together from an operational perspective>

10. Summary
   Getting More Information
   Contributing Back
--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org