Fw: [Bro] False positive

Angelita de Cássia Corrêa angelita at uol.com.br
Fri Jul 22 06:20:15 PDT 2005

Do I need to configure all configuration files like s2b.cfg, s2b-augment.cfg
? Or  Do I have to execute this script with another parameters to convert de

----- Original Message ----- 
From: "Christian Kreibich" <christian at whoop.org>
To: "Angelita de Cássia Corrêa" <angelita at uol.com.br>
Cc: "Bro List" <bro at bro-ids.org>
Sent: Thursday, July 21, 2005 9:32 PM
Subject: Re: Fw: [Bro] False positive


On Thu, 2005-07-21 at 20:48 -0300, Angelita de Cássia Corrêa wrote:
> Hi, I saw at documentation about snort2bro, it converts Snort's signature
> into Bro signatures, I think using this I will analyse the alerts like I
> need.
> How can I obtain the snort2bro script to do this convertation? or  Does
> bro have another way to analyse de signatures?

snort2bro is contained in the latest 0.9 development release and can be
found in scripts/s2b/bin/. There's also some material on it at


However I don't know if that information is still accurate.


Bro mailing list
bro at bro-ids.org

More information about the Bro mailing list