a quick doubt reg bro...

Bro can be classified as a protocol-analysis NIDS, right ?
I know it does signature/pattern matching too but
it does lot of protocol analysis too, right ?

So is it correct to classify bro more like a protocol
analysis ids rather than sig-based ?

it would be GREAT if anyone could drop a quick reply/comment..

thanks