[Bro] Emerging Threats signatures on Bro ids ?
Martin Holste
mcholste at gmail.com
Fri Aug 10 15:33:45 PDT 2012
Your best bet would be to try to convert the ET USER_AGENTS signatures
and modify them for inclusion in
https://github.com/grigorescu/bro-scripts/blob/9d59a7a482b068304a2d33a3c9c8dc696c176650/scripts/http-exe-bad-attributes.bro
. That would be a good start.
On Fri, Aug 10, 2012 at 7:19 PM, rmkml <rmkml at yahoo.fr> wrote:
> Hi,
>
> Is anyone interested in supporting / converting Emerging Threats [ET] signatures on Bro IDS?
>
> - convert to Bro regexp format (if threats are easy)
>
> - or better, convert to the powerful Bro language... (more complex threats)
>
> Not an automatic converter; need to (long, long) review all signatures to understand the threats and use a better (Bro) converter...
>
> What do you think?
>
> I'm interested if anyone is running future Bro+ET: direct feedback... (FP, FN, performance...)
>
> Happy detecting with Bro, Suricata and Snort.
> Regards
> Rmkml
>
> http://twitter.com/rmkml
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
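
An added example, not part of the thread and not code from the bro-scripts repository: a Python script that pulls the User-Agent literal out of Snort/ET-style `content` matches and emits a Bro `pattern` constant as a starting point for manual review. The sample rules are constructed (not real ET signatures), and the constant name `et_user_agents` is hypothetical.

```python
import re

# Constructed sample rules in Snort/ET rule syntax (not real ET signatures).
SAMPLE_RULES = r'''
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"EXAMPLE USER_AGENTS constructed agent one"; flow:established,to_server; content:"User-Agent|3a| ExampleBot/1.0"; http_header; sid:9000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"EXAMPLE USER_AGENTS constructed agent two"; flow:established,to_server; content:"User-Agent|3A 20|Demo (x86)|0d 0a|"; http_header; nocase; sid:9000002; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"EXAMPLE other constructed rule"; content:"/gate.php"; http_uri; sid:9000003; rev:1;)
'''

CONTENT_RE = re.compile(r'content:\s*"((?:[^"\\]|\\.)*)"')
SID_RE = re.compile(r'\bsid:\s*(\d+)')

def decode_content(raw):
    """Expand Snort |hex| runs and backslash escapes into the literal string."""
    out = []
    for i, part in enumerate(raw.split('|')):
        if i % 2:  # odd segments sit between pipes and hold hex bytes
            out.append(bytes.fromhex(part.replace(' ', '')).decode('latin-1'))
        else:
            out.append(re.sub(r'\\(.)', r'\1', part))
    return ''.join(out)

def user_agent_literals(rules_text):
    """Return {sid: agent string} for content matches beginning 'User-Agent:'."""
    found = {}
    for line in rules_text.splitlines():
        sid = SID_RE.search(line)
        for raw in CONTENT_RE.findall(line):
            text = decode_content(raw)
            if sid and text.lower().startswith('user-agent:'):
                found[int(sid.group(1))] = text.split(':', 1)[1].strip()
    return found

def bro_escape(s):
    """Backslash-escape regex metacharacters and the '/' pattern delimiter."""
    return re.sub(r'([\\.*+?()\[\]{}|^$/"])', r'\\\1', s)

def to_bro_pattern(literals):
    """Render the literals as one Bro pattern constant (hypothetical name).
    Modifiers such as nocase and pcre are ignored and need manual review."""
    alts = ' |\n    '.join('/%s/' % bro_escape(v)
                           for _, v in sorted(literals.items()))
    return 'const et_user_agents =\n    %s &redef;\n' % alts

if __name__ == '__main__':
    print(to_bro_pattern(user_agent_literals(SAMPLE_RULES)))
```

Rules that rely on `nocase`, `pcre` or multiple `content` matches are not translated faithfully by this and still need the per-signature review described in the original question.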