[Bro] Off-line analysis
vern at icir.org
Sun Dec 5 14:28:35 PST 2004
> For what it's worth, I've been attempting to compare snort vs bro for a class
> (perhaps like you are) and evidently I'm doing something wrong since I get
> dozens of unique alerts (or alarms) in snort, but only 3 unique ones in bro.
> I'm sure it is a configuration problem but if anyone wants to volunteer any
> suggestions it would be appreciated.
Can you send me an example (perhaps off-line)?