[Bro] How to implement state machine in bro?

Scott Beaupied sbeaupied at salesforce.com
Tue Apr 4 17:46:14 PDT 2017


What could really be used is a multi-thread manager. We're running into
issues with "best practices" due to the single threading of the mgr and HW
limits in our cluster.


On Tue, Apr 4, 2017 at 8:30 PM, Luo Xin <kingsleyluoxin at hotmail.com> wrote:

> Recently, I have really been fascinated by the elegance of bro, and I have
> read some of the source code of bro. Now I do want to add something to make bro
> stronger. With the increasing attention paid to anomaly detection, I would
> like to implement specification-based anomaly detection in bro. One of my
> available ideas is to implement protocol specification by means of a protocol
> state machine. I do wonder how to accomplish that in bro. Is there anyone
> that has any idea or has done something similar before?



-- 
Scott Beaupied
Senior Security DevOps Engineer, Pardot.com
Salesforce.com, Inc.