[Bro] Community source for rules

matthieu matthieu at treussart.com
Tue Oct 10 11:43:23 PDT 2017


Hi
Thank you for your reply.

Yes, I know snort2bro, but I use Snort or Suricata for these rules.
I was hoping there was a Bro rules contribution available on the Internet.
Generic rules that answer to the actuality like WannaCry (SMB) …

Matthieu



> On 10 Oct 2017, at 14:36, fatema bannatwala <fatema.bannatwala at gmail.com> wrote:
> 
> Hi Matthieu,
> 
> I am not aware of any source available for Bro signatures (rules, if that's what you meant),
> however, there used to be a script, snort2bro, that converted Snort signatures/rules to corresponding Bro sigs, but it is not maintained anymore.
> 
> Not sure what you are looking to solve, but if you know what you are searching for in your traffic,
> then you might want to take a look at the Bro's Signature Language, to write your own signatures.
> Here's the link: https://www.bro.org/sphinx/frameworks/signatures.html
> 
> Hope this helps.
> 
> -Fatema
