[Bro] Emerging Threats signatures on Bro ids ?
rmkml
rmkml at yahoo.fr
Sat Aug 11 17:41:49 PDT 2012
Hi,
Ok first alpha release on yesterday update (open-gpl) Emerging Threats signatures :
http://88.191.140.111/et_bro2_10aug.bro
(contains only 13 signatures)
Im interested if you have comments/feedback/flame/performance/FP/FN please.
Tested on bro v2.0 with:
bro -C -r test.pcap et_bro2_10aug
Futur work:
I have a small pb on this bro powerful language:
-I have used a global variables (sid2015596...) for http_header because my test on pcap fire four times for each signature.
Regards
Rmkml
http://twitter.com/rmkml
More information about the Bro
mailing list