[Bro] Emerging Threats signatures on Bro ids ?

rmkml rmkml at yahoo.fr
Sat Aug 11 17:41:49 PDT 2012


Ok first alpha release on yesterday update (open-gpl) Emerging Threats signatures :
(contains only 13 signatures)

Im interested if you have comments/feedback/flame/performance/FP/FN please.

Tested on bro v2.0 with:
  bro -C -r test.pcap et_bro2_10aug

Futur work:
I have a small pb on this bro powerful language:
-I have used a global variables (sid2015596...) for http_header because my test on pcap fire four times for each signature.



More information about the Bro mailing list