[Bro] Bro Signature Framework Examples
liam.randall at gigaco.com
Wed Feb 4 05:52:38 PST 2015
If you look under policy/frameworks/signatures/detect-windows-shells.sig:
You'll find an example signature that ships with Bro. Additionally, each
protocol analyzer is enabled by a signature used in the dynamic protocol
detection (dpd) process; for example please see http's signature:
There are a lot of novel uses of signatures in Bro; in Jon's bitcoin mining
protocol detection he uses a signature to enable an analysis process:
Many of the "signatures" you would use to find basic indicators of
compromise (domains, ip addresses, file hashes, etc) are handled by the
On Wed, Feb 4, 2015 at 7:09 AM, <just2 at arcor.de> wrote:
> Hello everyone,
> for testing purposes, I want to run Bro with signatures (similar to Snort).
> On https://www.bro.org/sphinx/frameworks/signatures.html it is described
> how to configure bro to use a signature file.
> However, I did not find a sample signature file. Also, it is stated that
> Snort signatures can no longer be transferred to Bro.
> Is there another way to (easily) import a bulk of the most common
> signatures? Is there any example file?
> Bro mailing list
> bro at bro-ids.org
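For anyone following this thread who wants a concrete starting point, below is a small signature file plus a companion script in the style the reply describes. It is an added example, not the thread's own content and not the detect-windows-shells.sig or dpd.sig that ship with Bro; the signature names, the `LocalSigs` module, the notice type, the port 8080 choice and the regex patterns are all constructed for illustration. It shows the two uses mentioned above: a payload signature that raises `signature_match`, and a client/server pair that enables the HTTP analyzer through dynamic protocol detection.

```bro
# ---------- file: local-sigs.sig (constructed example) ----------

# A content signature: fires an event when a Windows command shell banner
# is sent by the responder side of an established TCP connection.
signature local-windows-shell-banner {
    ip-proto == tcp
    tcp-state established,responder
    # payload patterns are anchored at the start of the stream, so the
    # leading .* lets the banner appear anywhere in the responder data
    payload /.*Microsoft Windows \[Version [0-9.]+\]/
    event "Windows command shell banner seen on the wire"
}

# A DPD-style pair: when a request-looking client payload is answered by
# an HTTP status line on a port Bro would not otherwise treat as HTTP,
# attach the http analyzer instead of (or in addition to) raising an event.
signature local-dpd-http-client-8080 {
    ip-proto == tcp
    dst-port == 8080
    tcp-state originator
    payload /^[[:space:]]*(GET|HEAD|POST|PUT|DELETE|OPTIONS)[[:space:]]/
}

signature local-dpd-http-server-8080 {
    ip-proto == tcp
    src-port == 8080
    tcp-state responder
    payload /^HTTP\/[0-9]/
    # only trigger when the other direction matched the client signature
    requires-reverse-signature local-dpd-http-client-8080
    enable "http"
}

# ---------- file: local-sigs.bro (constructed example) ----------

# Load the signature file relative to this script; the older
# "redef signature_files += ..." form works as well.
@load-sigs ./local-sigs.sig

module LocalSigs;

export {
    redef enum Notice::Type += {
        ## Raised when the constructed shell-banner signature matches.
        Suspicious_Payload,
    };
}

# Every signature that carries an "event" line ends up here; filter on
# sig_id so unrelated signatures (e.g. Bro's own) are left to their handlers.
event signature_match(state: signature_state, msg: string, data: string)
    {
    if ( state$sig_id != "local-windows-shell-banner" )
        return;

    NOTICE([$note=Suspicious_Payload,
            $msg=fmt("%s (signature %s)", msg, state$sig_id),
            $sub=data,
            $conn=state$conn,
            # suppress repeats for the same client/server pair
            $identifier=cat(state$conn$id$orig_h, state$conn$id$resp_h)]);
    }
```

Run it with `bro -r some.pcap local-sigs.bro` and check notice.log for `LocalSigs::Suspicious_Payload`; the DPD pair shows up indirectly, as http.log entries for port 8080 traffic that would otherwise only appear in conn.log. The `requires-reverse-signature` condition is what keeps the analyzer from being attached on a one-sided match, which is the same pattern Bro's shipped dpd signatures use.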