[Bro] Emerging Threats signatures on Bro ids ?

Seth Hall seth at icir.org
Mon Aug 13 10:02:40 PDT 2012

On Aug 13, 2012, at 12:38 PM, rmkml at yahoo.fr wrote:

> This is why I need feedback please.

Oh!  I forgot to include an alternate approach I thought of.  If you are still interested in going down this route, could you start by pulling out malicious software user-agents from the ET signatures?  That's something that would fit well and easily into Bro right now and into the intelligence framework in the future.

What do you think about that?  We can certainly start small with very well defined goals and move from there.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the Bro mailing list