[Bro] How to implement state machine in bro?
sbeaupied at salesforce.com
Tue Apr 4 17:46:14 PDT 2017
What could really be used is a multi-thread manager. We're running into
issues with "best practices" due to the single threading of the mgr and HW
limits in our cluster.
On Tue, Apr 4, 2017 at 8:30 PM, Luo Xin <kingsleyluoxin at hotmail.com> wrote:
> Recently, I have really been fascinated by the elegance of bro, and I have
> read some of the source code of bro. Now I do want to add something to make bro
> stronger. With the increasing attention paid to anomaly detection, I would
> like to implement specification-based anomaly detection in bro. One of my
> available ideas is to implement protocol specification by means of a protocol
> state machine. I do wonder how to accomplish that in bro. Is there anyone
> who has any idea or has done something similar before?
Senior Security DevOps Engineer, Pardot.com