[Bro] Community source for rules

fatema bannatwala fatema.bannatwala at gmail.com
Tue Oct 10 12:16:29 PDT 2017

Then, I think you might want to look at the Bro scripting language,
although still you have to script what you are looking for.
Bro has started this awesome Bro-pkg manager project, which is similar to a
central repository,
for hosting the various Bro scripts that community can get benefit from:

Here's the list of packages, available for the community to download and

Also, there are many individual Bro scripts available on github.
If interested, there's this script from Fox-IT regarding ransomeware
detection using SMB:


On Tue, Oct 10, 2017 at 2:43 PM, matthieu <matthieu at treussart.com> wrote:

> Hi
> Thank you for your reply.
> Yes I know snort2bro, but I use Snort or Suricata for this rules.
> I was hoping there was a Bro rules contribution available on the Internet.
> Generic rules that answer to the actuality like WannaCry (SMB) …
> Matthieu
> On 10 Oct 2017, at 14:36, fatema bannatwala <fatema.bannatwala at gmail.com>
> wrote:
> Hi Matthieu,
> I am not aware of any source available for Bro signatures (rules, if
> that's what you meant),
> however, there used to be a script snort2bro that converted snort
> signatures/rules to corresponding Bro sigs, but not maintained anymore.
> Not sure what you are looking to solve, but if you know what you are
> searching for in your traffic,
> then you might want to take a look at the Bro's Signature Language, to
> write your own signatures.
> Here's the link: https://www.bro.org/sphinx/frameworks/signatures.html
> Hope this helps.
> -Fatema
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20171010/1823fd14/attachment.html 

More information about the Bro mailing list