[Bro] Snort to Bro
Robin Sommer
robin at icir.org
Fri Mar 9 12:13:22 PST 2007
On Fri, Mar 09, 2007 at 19:29 +0000, Jules wrote:
> be enough? is there a real difference betwen the snort rules and Bro
> policies?
Well, the systems' detection approaches are quite different. Bro
does not primarily rely on pattern matching as Snort does; its
policies use a different abstraction. You can't really compare the
two.
Robin
--
Robin Sommer * Phone +1 (510) 931-5555 * robin at icir.org
LBNL/ICSI * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro
mailing list