[Bro] windows?

[Christian Kreibich]

On Fri, 2006-12-08 at 15:21 -0800, Jim Mellander wrote:
> 1. Bro people are less than enthusiastic about Windows
> 2. It seemed to add value as a way for internal hosts to have a
> lightweight IDS capability, which could potentially report back to a
> central station.
> 3. It adds a dimension to internal monitoring that e.g. Netflow doesn't
> have, as it gives the opportunity for detection of intra-subnet scanning
> or other malicious activities.

Maybe I need to stress that I was referring only to Bro itself. If you
want to feed Windows host-based information into your monitoring setup,
for example, then Broccoli is very much an option. I can't guarantee
that it'll currently build out of the box on Windows, but I successfully
ran Windows Broccoli apps a while back. Having Broccoli work on as many
platforms as possible is definitely our intention, and patches as well
as experience reports are very welcome.

Cheers,
Christian.
-- 
________________________________________________________________________
                                          http://www.cl.cam.ac.uk/~cpk25
                                                    http://www.whoop.org