[Bro] Adding new signatures
Robin Sommer
robin at icir.org
Tue Jun 27 12:54:09 PDT 2006
On Tue, Jun 27, 2006 at 11:53 -0700, Vern Paxson wrote:
> If that's your goal, then you should start quite differently. For Bro,
> signatures are a handy add-on, but not the heart of its analysis.
Though they can be used to detect the protocol in the first place,
to then trigger further analysis via a protocol-specific analyzer.
Robin
--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICIR/ICSI * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro
mailing list