[Bro] Bro signatures
rodrigue.alahassa at gmail.com
Sat Oct 22 09:45:05 PDT 2011
I get a little confused about content conditions for Bro signatures. I'm
working to automate generation of signatures compliant with Bro.
I would like to know how Bro behaves in two cases. I tried to provide many
content-conditions for one signature. Let's say that I want to detect the
following patterns in a stream (just some examples):
If I use the following condition, it will detect all occurrences of common
followed by attack and vulnerabilities,
What if I use a combination of those expressions:
I looked around, but did not find anything to help me understand how the
signature engine will behave in these cases.
Thanks in advance for your help.
SLt COC ALAHASSA
Professeur Georges LEMAITRE