Fw: [Bro] False positive
Angelita de Cássia Corrêa
angelita at uol.com.br
Fri Jul 22 06:20:15 PDT 2005
Do I need to configure all configuration files like s2b.cfg, s2b-augment.cfg
? Or Do I have to execute this script with another parameters to convert de
signatures?
----- Original Message -----
From: "Christian Kreibich" <christian at whoop.org>
To: "Angelita de Cássia Corrêa" <angelita at uol.com.br>
Cc: "Bro List" <bro at bro-ids.org>
Sent: Thursday, July 21, 2005 9:32 PM
Subject: Re: Fw: [Bro] False positive
Hi,
On Thu, 2005-07-21 at 20:48 -0300, Angelita de Cássia Corrêa wrote:
> Hi, I saw at documentation about snort2bro, it converts Snort's signature
> into Bro signatures, I think using this I will analyse the alerts like I
> need.
>
> How can I obtain the snort2bro script to do this convertation? or Does
the
> bro have another way to analyse de signatures?
snort2bro is contained in the latest 0.9 development release and can be
found in scripts/s2b/bin/. There's also some material on it at
http://www.icir.org/twiki/bin/view/Bro/SnortTwoBro
However I don't know if that information is still accurate.
Cheers,
Christian.
--
________________________________________________________________________
http://www.cl.cam.ac.uk/~cpk25
http://www.whoop.org
_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list