[Bro] Snort 2 Bro Utility
Patrick Kelley
patrick.kelley at criticalpathsecurity.com
Mon Apr 2 06:43:27 PDT 2018
Rahul,
That utility has long been deprecated, largely due to the difference in
approach by Snort and Bro.
I'll share the demo signature below. As always, feel free to reach out
directly, should you need.

signature my-first-sig {
    ip-proto == tcp
    dst-port == 80
    payload /.*root/
    event "Found root!"
}

On Mon, Apr 2, 2018 at 2:43 AM, rahul rakesh <rahulbroids at gmail.com> wrote:
> Dear Team,
> Can anyone please share the snort2bro utility, as I just wanted to
> know how the conversion is done. It will help me write signatures.
>
>
>
> Regards,
> Rahul
>
--
*Patrick Kelley, CISSP, C|EH, ITIL*
*CTO*
patrick.kelley at criticalpathsecurity.com
(o) 770-224-6482