christian at whoop.org
Sun Dec 10 13:22:44 PST 2006

On Fri, 2006-12-08 at 15:21 -0800, Jim Mellander wrote:
> 1. Bro people are less than enthusiastic about Windows
> 2. It seemed to add value as a way for internal hosts to have a
> lightweight IDS capability, which could potentially report back to a
> central station.
> 3. It adds a dimension to internal monitoring that e.g. Netflow doesn't
> have, as it gives the opportunity for detection of intra-subnet scanning
> or other malicious activities.

Maybe I need to stress that I was referring only to Bro itself. If you
want to feed Windows host-based information into your monitoring setup,
for example, then Broccoli is very much an option. I can't guarantee
that it'll currently build out of the box on Windows, but I successfully
ran Windows Broccoli apps a while back. Having Broccoli work on as many
platforms as possible is definitely our intention, and patches as well
as experience reports are very welcome.