[Bro] Fwd: Bro Anomaly Detection
anthony kasza
anthony.kasza at gmail.com
Thu Feb 13 22:21:01 PST 2014
Technically, many of Bro's protocol identification capabilities (use by
Bro's anomaly detection capabilities) utilize Bro's signature framework.
On Feb 13, 2014 10:04 PM, "Mr Smith" <engineer.demo2020 at gmail.com> wrote:
>
>
>
> Hi, I have two questions regarding the Bro anomaly detection capability.
> 1.How does the Bro detect anomalies? Using writing rules(anomaly rules) or
> using a separate module ?
> 2.Is it possible to run the signature-based and anomaly-based parts of Bro
> separately?
> I mean, can the Bro be used only for the detection of anomalies.If it is
> possible, how?
> Thanks
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140213/014d72b9/attachment.html
More information about the Bro
mailing list