useful *.bro files repository?
Anton Chuvakin, Ph.D.
anton at netForensics.com
Fri Feb 7 11:36:10 PST 2003
Vern and all,
Bro is up and running on our site, thanks to this list for the help with
the compilation!
I was wondering if there is (or SHOULD BE) a repository of useful *.bro
policies to use for different cases. Right now I am running with '@load
mt' and some other @load's which I semi-intelligently selected from the
policies dir, but I noticed there is a bunch of other fun bro files. Which
of them are useful and when?
Also, I understand that rules.bro is undocumented, but can I get ANY hints
on its functionality beyond what I can figure from looking at the files
themselves...?
BTW, I was also about to ask how to best collect and analyze alerts, but I
may have an answer to this one. Our product might soon collect Bro alerts
and report on them (in the context of other security event messages).
Best,
--
Anton Chuvakin, Ph.D., GCIA - http://www.info-secure.org
Senior Security Analyst
netForensics - http://www.netForensics.com
732-393-6071