[Bro] About signatures
vitologrillo at gmail.com
Mon Oct 5 09:34:21 PDT 2015
I'm studying your signature framework
and I've found this explanation:
"However, in our experience this didn’t turn out to be a very useful
thing to do because by simply using Snort signatures, one can’t
benefit from the additional capabilities that Bro provides; the
approaches of the two systems are just too different"
I understand that Bro and Snort have different approaches, but if I
need detailed research on a specific string (for example), should I
write a script? And for several strings?
Which is the best approach to avoid signatures?