[Bro-Dev] Book outline

Robin Sommer robin at icir.org
Fri Oct 1 08:33:34 PDT 2010


Below's a first shot at a chapter outline.  This is clearly not
perfect yet, but let me know what you think. In particular, what's
missing?

Robin

--------- cut -------------------------------------------------------


1. Introduction

   Philosophy (aka "Bro is not Snort")

   Features
   
2. Getting Started

   System Requirements

   Installing Bro

   Running Bro from the Command Line
   
   Using Bro Control

3. Using Bro 

   Understanding Bro's Output
      Notices and Alarms
      Activity Logs
      Weird Activity
      
   Customizing Scripts
      Building a Site Policy   
      Notice Policy
      Tuning
      
   Standard Policy Files
      <The most important ones>
      
   Behind the Curtain:
      Capture Filters
      Dynamic Protocol Detection
      
   Log Rotation and Post-Processing 
      
   Active Response
   
   Offline Analysis

   System Tuning

4. Writing Bro Scripts
   
   Language Overview
   
   Event Handlers
   
   State Management

   Inter-Bro Communication
   
   Signatures
   
   Profiling and Debugging

5. Scripting Idioms/Patterns

   TODO: Collect.

6. Bro Control 

7. Operating a Bro Cluster

8. Interfacing with the External World

   Broccoli

   Time Machine

9. Bro in Operation

   <Tie things together from an operational perspective>

10. Summary 

   Getting More Information
   
   Contributing Back   


-- 
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org 
ICSI/LBNL    * Fax   +1 (510) 666-2956 *   www.icir.org