[Bro] Bro Signatures

Zeolla@GMail.com zeolla at gmail.com
Thu Feb 15 07:11:16 PST 2018


You may also want to check out what bro ships with here -
https://github.com/bro/bro/tree/master/scripts

And what is available as bro packages (a new-ish platform for sharing bro
'things') - https://github.com/bro/packages

Jon

On Thu, Feb 15, 2018 at 10:08 AM Zeolla at GMail.com <zeolla at gmail.com> wrote:

> Bro doesn't really work that way, so it would be hard to make that
> comparison.
> https://www.bro.org/sphinx/frameworks/signatures.html#so-how-about-using-snort-signatures-with-bro
>
> Bro does have the concept of signatures, it's just used in a way that is
> very different than Snort would.  It may make sense to read more of
> https://www.bro.org/sphinx/frameworks/signatures.html
>
> There is also this - https://github.com/corelight/bro-protosigs - for
> using signatures in bro to do simple detection of some protocols, but it
> definitely isn't meant to work in the way Snort signatures would.
>
> Jon
>
> On Thu, Feb 15, 2018 at 8:36 AM Bibin Koshy <koshybibin3 at gmail.com> wrote:
>
>> Hi,
>>
>> I am trying to compare Snort and Bro IDS on the basis of
>> signatures/rules. Is there any repository for Bro rules/signatures? I
>> haven't got any signature examples online. It would be a great help if you
>> could suggest some signatures to find basic attacks.
>>
>> Thank you
>> Bibin Koshy