[Bro] windows?

Christian Kreibich christian at whoop.org
Sun Dec 10 13:22:44 PST 2006

On Fri, 2006-12-08 at 15:21 -0800, Jim Mellander wrote:
> 1. Bro people are less than enthusiastic about Windows
> 2. It seemed to add value as a way for internal hosts to have a
> lightweight IDS capability, which could potentially report back to a
> central station.
> 3. It adds a dimension to internal monitoring that e.g. Netflow doesn't
> have, as it gives the opportunity for detection of intra-subnet scanning
> or other malicious activities.

Maybe I need to stress that I was referring only to Bro itself. If you
want to feed Windows host-based information into your monitoring setup,
for example, then Broccoli is very much an option. I can't guarantee
that it'll currently build out of the box on Windows, but I successfully
ran Windows Broccoli apps a while back. Having Broccoli work on as many
platforms as possible is definitely our intention, and patches as well
as experience reports are very welcome.


More information about the Bro mailing list