[Bro] Questions about signature regexes
Graham Freeman
gfreeman at ucdavis.edu
Mon Jan 30 14:45:12 PST 2006
On Jan 30, 2006, at 9:19 AM, Aashish Sharma wrote:
> Hi Robin :
>
>> (That reminds me that I've a prototypical pcre->bro converter lying
>> around somewhere. But actually there doesn't seem to be much
>> interest in automatically converting Snort sigs these days.)
>>
>
> We have been using the snort2bro script, but it has quite a few
> limitations. A better, more comprehensive automatic conversion tool
> would definitely be something I would be interested in using with
> our bro installation.
>
> Just thought I should put it on the table.
>
> Thanks
> Aashish Sharma
>

Although we're likely to significantly re-architect our IDS
infrastructure soon, we would be happy with a more comprehensive and
modern snort2bro functional equivalent. Being stuck with the Snort
v2.2 ruleset is one of the downsides that would be nice to fix.

If we end up modifying snort2bro or writing our own (unlikely), I'll
advocate that we contribute it to the Bro project.

Graham Freeman
Datacenter Security Administrator
IET - Datacenter & Client Services
University of California at Davis
gfreeman at ucdavis.edu
GPG Key 0xFEE4DF44