[Bro] Emerging Threats signatures on Bro ids ?
seth at icir.org
Mon Aug 13 10:02:40 PDT 2012
On Aug 13, 2012, at 12:38 PM, rmkml at yahoo.fr wrote:
> This is why I need feedback please.
Oh! I forgot to include an alternate approach I thought of. If you are still interested in going down this route, could you start by pulling out malicious software user-agents from the ET signatures? That's something that would fit well and easily into Bro right now and into the intelligence framework in the future.
What do you think about that? We can certainly start small with very well defined goals and move from there.
International Computer Science Institute
(Bro) because everyone has a network
More information about the Bro