[Bro] Bro behavioral analysis
jlay at slave-tothe-box.net
Wed Jul 29 05:59:53 PDT 2015
On Wed, 2015-07-29 at 14:08 +0200, Savakh S wrote:
> Can someone explain why Bro is said to be a "behavioral" IDS and give an
> example? I understand Bro can perform protocol analysis, DPI, by its
> analyzers, but what about "behavioral"?
> Thanks in advance.
Consider the below:
##! A script for handling URLs in SMTP traffic. This script does
##! two things. It logs URLs discovered in SMTP traffic. It
##! also records them in a bloomfilter and looks for them to be
##! visited through HTTP requests.
##! Authors: Aashish Sharma <asharma at lbl.gov>
##! Seth Hall <seth at icir.org>
That may fit the bill as "behavioral".
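The cross-protocol correlation that script header describes, as an added Python example (not part of the original message and not the Bro script itself): URLs seen in mail bodies go into a Bloom filter, and later HTTP requests are checked against it. The event dictionaries, field names and sample hosts are constructed assumptions, and only plain HTTP requests are modelled.

```python
import hashlib
import re

URL_RE = re.compile(r"https?://[^\s<>\"']+")

class BloomFilter:
    def __init__(self, bits=1 << 16, hashes=4):
        self.bits, self.hashes = bits, hashes
        self.array = bytearray(bits // 8)

    def _positions(self, item):
        for i in range(self.hashes):
            digest = hashlib.sha256(f"{i}:{item}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.bits

    def add(self, item):
        for p in self._positions(item):
            self.array[p // 8] |= 1 << (p % 8)

    def __contains__(self, item):
        return all(self.array[p // 8] & (1 << (p % 8)) for p in self._positions(item))

def correlate(events):
    """Return (URLs logged from SMTP, HTTP requests to URLs seen in mail)."""
    seen_in_mail = BloomFilter()
    smtp_log, visits = [], []
    for ev in events:
        if ev["proto"] == "smtp":
            for url in URL_RE.findall(ev["body"]):
                url = url.rstrip(".,;)>")  # drop sentence punctuation
                seen_in_mail.add(url)
                smtp_log.append((ev["ts"], ev["rcpt"], url))
        elif ev["proto"] == "http":
            url = f"http://{ev['host']}{ev['uri']}"
            if url in seen_in_mail:  # Bloom hit: probably seen in mail
                visits.append((ev["ts"], ev["src"], url))
    return smtp_log, visits

# Constructed sample events (hypothetical hosts and addresses)
EVENTS = [
    {"ts": 1, "proto": "smtp", "rcpt": "user@example.org",
     "body": "Your invoice: http://files.example.net/inv/123.html."},
    {"ts": 2, "proto": "http", "src": "10.0.0.5", "host": "www.example.com", "uri": "/index.html"},
    {"ts": 3, "proto": "http", "src": "10.0.0.7", "host": "files.example.net", "uri": "/inv/123.html"},
]

if __name__ == "__main__":
    for ts, src, url in correlate(EVENTS)[1]:
        print(f"{ts} {src} visited URL previously seen in mail: {url}")
```

A Bloom filter can report a URL it never stored, so a hit here is a lead to confirm against the SMTP log rather than proof of a click.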