Fw: [Bro] False positive
Christian Kreibich
christian at whoop.org
Thu Jul 21 17:32:59 PDT 2005
Hi,
On Thu, 2005-07-21 at 20:48 -0300, Angelita de Cássia Corrêa wrote:
> Hi, I saw at documentation about snort2bro, it converts Snort's signature
> into Bro signatures, I think using this I will analyse the alerts like I
> need.
>
> How can I obtain the snort2bro script to do this convertation? or Does the
> bro have another way to analyse de signatures?
snort2bro is contained in the latest 0.9 development release and can be
found in scripts/s2b/bin/. There's also some material on it at
http://www.icir.org/twiki/bin/view/Bro/SnortTwoBro
However I don't know if that information is still accurate.
Cheers,
Christian.
--
________________________________________________________________________
http://www.cl.cam.ac.uk/~cpk25
http://www.whoop.org
More information about the Bro
mailing list