[Bro] Emerging Threats signatures on Bro ids ?
rmkml
rmkml at yahoo.fr
Sun Aug 12 16:01:59 PDT 2012
Hi,
ok please found second alpha release update (open-gpl) Emerging Threats signatures :
http://88.191.140.111/et_bro2_11aug.bro
(contains only 37 signatures, fixed one bug on previous rule set)
Im always interested if you have comments/feedback/flame/performance/FP/FN please.
Futur work:
1) I have a small pb on this bro powerful language:
-I have used a global variables (sid2015596...) for http_header because my test on pcap fire four times for each signature.
2) find case insensitive more "simplify" regexp ?
3) adding local_net / external_net...
Regards
Rmkml
http://twitter.com/rmkml
More information about the Bro
mailing list