[Bro] Community source for rules

fatema bannatwala fatema.bannatwala at gmail.com
Tue Oct 10 12:16:29 PDT 2017


Then, I think you might want to look at the Bro scripting language,
although you still have to script what you are looking for.
Bro has started this awesome Bro-pkg manager project, which is similar to a
central repository
for hosting the various Bro scripts that the community can benefit from:

Here's the list of packages, available for the community to download and
install:
https://github.com/bro/packages

Also, there are many individual Bro scripts available on GitHub.
If interested, there's this script from Fox-IT regarding ransomware
detection using SMB:
https://github.com/fox-it/bro-scripts/tree/master/smb-ransomware

-Fatema.


On Tue, Oct 10, 2017 at 2:43 PM, matthieu <matthieu at treussart.com> wrote:

> Hi
> Thank you for your reply.
>
> Yes I know snort2bro, but I use Snort or Suricata for these rules.
> I was hoping there was a Bro rules contribution available on the Internet.
> Generic rules that answer to the actuality like WannaCry (SMB) …
>
> Matthieu
>
>
>
>
> On 10 Oct 2017, at 14:36, fatema bannatwala <fatema.bannatwala at gmail.com>
> wrote:
>
> Hi Matthieu,
>
> I am not aware of any source available for Bro signatures (rules, if
> that's what you meant),
> however, there used to be a script, snort2bro, that converted Snort
> signatures/rules to corresponding Bro sigs, but it is not maintained anymore.
>
> Not sure what you are looking to solve, but if you know what you are
> searching for in your traffic,
> then you might want to take a look at Bro's Signature Language, to
> write your own signatures.
> Here's the link: https://www.bro.org/sphinx/frameworks/signatures.html
>
> Hope this helps.
>
> -Fatema
>
>
>