[Bro] Emerging Threats signatures on Bro ids ?

rmkml rmkml at yahoo.fr
Fri Aug 10 17:19:36 PDT 2012


Anyone interested in supporting / converting Emerging Threats [ET] signatures on Bro IDS?

- convert to Bro regexp format (if threats are easy)

- or better, convert to Bro's powerful language... (more complex threats)

Not an automatic converter; need a (long, long) review of all signatures to understand the threats and use the better (Bro) converter...

What do you think?

I'm interested, if anyone is running a future Bro+ET, in direct feedback... (FP, FN, performance....)

Happy Detect with Bro, Suricata and Snort.

