[Bro] Snort Rules
anthony kasza
anthony.kasza at gmail.com
Thu Apr 4 08:33:36 PDT 2013
As a fellow newbie, I feel the best answer is "don't".
To me, Bro seems better suited for flow-like analysis, not byte-by-byte
packet analysis.
On Thu, Apr 4, 2013 at 10:25 AM, Parker, Jonathan E. <jep at g-c-i.net> wrote:
> I’m a Bro newbie and I’ve been tasked to look at using Bro to perform
> analysis on Pcap files. We’d like to utilize some existing Snort rules
> in this analysis. A number of the Snort rules contain “offset” and
> “depth” parameters. I’d appreciate some advice on how to accomplish
> doing these Snort alerts in Bro.
>
>
> Thanks – Jon