[Bro] Emerging Threats signatures on Bro ids ?
mcholste at gmail.com
Fri Aug 10 15:33:45 PDT 2012
Your best bet would be to try to convert the ET USER_AGENTS signatures
and modify them for inclusion in
. That would be a good start.
On Fri, Aug 10, 2012 at 7:19 PM, rmkml <rmkml at yahoo.fr> wrote:
> Anyone interested for supporting / converting Emerging Threats [ET] signatures on Bro IDS ?
> - convert on regexp bro format (if threats are easy)
> - or better convert to a bro powerful language... (more complex threats)
> Not a automatic converter, need (long long) review all signatures for understand threats and use better (bro) converter...
> What do you think ?
> Im interested if anyone are running futur bro+ET direct feedback... (FP, FN, performance....)
> Happy Detect with Bro, Suricata and Snort.
> Bro mailing list
> bro at bro-ids.org
More information about the Bro