[Bro] Snort Rules
mcholste at gmail.com
Fri Apr 5 09:41:08 PDT 2013
Yes, use Suricata or Snort for Snort rule analysis, and combine the output
there with Bro output. That will give you great data to supplement the IDS
alerts and will be most efficient both in CPU time and human time.
On Thu, Apr 4, 2013 at 10:33 AM, anthony kasza <anthony.kasza at gmail.com>wrote:
> As a fellow newbie, I feel the best answer is "don't".
> To me, Bro seems better suited for flow like analysis, not byte-by-byte
> packet analysis.
> On Thu, Apr 4, 2013 at 10:25 AM, Parker, Jonathan E. <jep at g-c-i.net>wrote:
>> I’m a Bro newbie and I’ve been tasked to look at using Bro to perform
>> analysis on Pcap files. We’d like to utilize some existing Snort rules
>> in this analysis. A number of the Snort rules contain “offset” and
>> “depth” parameters. I’d appreciate some advice on how to accomplish
>> doing these Snort alerts in Bro.
>> Thanks – Jon
>> Bro mailing list
>> bro at bro-ids.org
> Bro mailing list
> bro at bro-ids.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro