Fw: [Bro] False positive

Angelita de Cássia Corrêa angelita at uol.com.br
Thu Jul 21 16:48:20 PDT 2005


Hi, I saw in the documentation that snort2bro converts Snort's signatures
into Bro signatures. I think that using this I can analyse the alerts as I
need.

How can I obtain the snort2bro script to do this conversion? Or does Bro
have another way to analyse the signatures?


Thanks
Angelita

> ----- Original Message ----- 
> From: "Angelita de Cássia Corrêa" <angelita at uol.com.br>
> To: "Martin Casado" <casado at cs.stanford.edu>
> Cc: <Bro at bro-ids.org>
> Sent: Tuesday, July 19, 2005 4:21 PM
> Subject: Re: [Bro] False positive
>
>
> Martin,
>
> I intend to see what alerts Bro detects. This information is not enough
> to analyse if each alert is an attempt or false positive. I need alert
> information.
>
> Do you understand now?
>
> tks
> Angelita
>
> ----- Original Message ----- 
> From: "Martin Casado" <casado at cs.stanford.edu>
> To: "Angelita de Cássia Corrêa" <angelita at uol.com.br>
> Sent: Tuesday, July 19, 2005 3:23 PM
> Subject: Re: [Bro] False positive
>
>
> >
> >   I'm having a hard time understanding your email.  Could you please be
> > clear about what you are trying to do?  Also, what policy scripts are you
> > using?  Are you sure bro is the appropriate tool rather than a more
> > straightforward signature detection engine such as snort?
> >
> >  .m
> >
> > >Sirs,
> > >
> > >What is the best form to analyse the BRO received packets?
> > >I need to calculate how many false positives bro detected in a
> > >determined period.
> > >
> > >I didn't have success in reports, I continue receiving empty reports,
> > >then I need to analyse the logs or use another way to detect what event
> > >is a false positive and why it is not.
> > >
> > >Please, can you help me?
> > >
> > >Thanks
> > >Angelita
> > >
> > >
> > >
> > >
> > >_______________________________________________
> > >Bro mailing list
> > >bro at bro-ids.org
> > >http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> > >
> > >
> >
>
>
>




