[Bro] using YARA signatures within Bro
christian at corelight.com
Wed Feb 7 14:54:15 PST 2018

On 02/05/2018 02:03 PM, Ambros Novak wrote:
> I'm currently using YARA rules (yararules.yar) to inspect files from bro.
> Besides using bro to inspect files with YARA, how can I get bro to use YARA
> rules to inspect traffic and also certificates?

Bro doesn't currently integrate YARA, but there's at least this plugin
that pulls YARA file analysis more directly into Bro:

We're considering expanding Bro's YARA support for file analysis and
potentially beyond, though much of that will need work on the YARA side
to make it operate in a more streaming-oriented fashion.

We'd definitely like to hear of Bro use cases for YARA that you guys can