[Bro] Bro policy script language documentation
Marcos Rodriguez
marcos.e.rodriguez at gmail.com
Wed Sep 28 14:14:08 PDT 2011
2011/9/28 Roger Larsen - Høgskolen i Gjøvik <roger.larsen at hig.no>
> Dear Bro Team/Community,
>
> I am studying information security in Gjøvik University College (
> www.hig.no), master degree.
>
> At present I am writing an article about Bro. In this case I struggle in
> finding detailed documentation regarding The Bro Policy Script Language.
>
> Can you please help me in this matter?
>
> Thanks!
>
> Best Regards,
>
> Roger Larsen
>
> Network manager & student :)
>
Hi Roger,
The Bro team is overhauling their documentation, but all is not lost! My
first suggestion would be to check out their workshop here:
http://www-old.bro-ids.org/bro-workshop-2009-2/agenda.html
Also, the documentation is included in the 1.5.3 tarball, however, the docs
are dated to about 2004. http://www-old.bro-ids.org has a wiki with more
updated docs (2007, I believe).
Also, get a feel for the scripts included with the tarball, as they are very
illuminating. They are the *.bro files in the /policy directory after
you've extracted the tarball.
Bro is very powerful from what little I've seen so far. I'm a Snort and
Suricata guy, and just recently read Vern Paxson's, et al, *"Robust TCP
Reassembly in the Presence of Adversaries"* paper and had to dive into Bro.
Martin Holste is a frequent poster here, and has actually written some nice
posts on his blog regarding Bro setup and clustering. Check it out here:
http://ossectools.blogspot.com/
Hope this helps!
marcos