[Bro] Snort Rules

anthony kasza anthony.kasza at gmail.com
Thu Apr 4 08:33:36 PDT 2013

As a fellow newbie, I feel the best answer is "don't".
To me, Bro seems better suited for flow like analysis, not byte-by-byte
packet analysis.

On Thu, Apr 4, 2013 at 10:25 AM, Parker, Jonathan E. <jep at g-c-i.net> wrote:

>  I’m a Bro newbie and I’ve been tasked to look at using Bro to perform
> analysis on Pcap files.  We’d like to utilize some existing Snort rules
> in this analysis.  A number of the Snort rules contain “offset” and
> “depth” parameters.  I’d appreciate some advice on how to accomplish
> doing these Snort alerts in Bro.
>  Thanks – Jon
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130404/8e1e5627/attachment.html 

More information about the Bro mailing list