[Bro-Dev] Book outline

Robin Sommer robin at icir.org
Fri Oct 1 08:33:34 PDT 2010

Below's a first shot at a chapter outline.  This is clearly not
perfect yet, but let me know what you think. In particular, what's


--------- cut -------------------------------------------------------

1. Introduction

   Philosophy (aka "Bro is not Snort")

2. Getting Started

   System Requirements

   Installing Bro

   Running Bro from the Command Line
   Using Bro Control

3. Using Bro 

   Understanding Bro's Output
      Notices and Alarms
      Activity Logs
      Weird Activity
   Customizing Scripts
      Building a Site Policy   
      Notice Policy
   Standard Policy Files
      <The most important ones>
   Behind the Curtain
      Capture Filters
      Dynamic Protocol Detection
   Log Rotation and Post-Processing 
   Active Response
   Offline Analysis

   System Tuning

4. Writing Bro Scripts
   Language Overview
   Event Handlers
   State Management

   Inter-Bro Communication
   Profiling and Debugging

5. Scripting Idioms/Patterns

   TODO: Collect.

6. Bro Control 

7. Operating a Bro Cluster

8. Interfacing with the External World
   Time Machine

9. Bro in Operation

   <Tie things together from an operational perspective>

10. Summary 

   Getting More Information
   Contributing Back   

Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org 
ICSI/LBNL    * Fax   +1 (510) 666-2956 *   www.icir.org