Bro can be classified as a protocol-analysis NIDS, right?
I know it does signature/pattern matching too, but
it does a lot of protocol analysis too, right?
So is it correct to classify Bro more like a protocol
analysis IDS rather than sig-based?
It would be GREAT if anyone could drop a quick reply/comment.
Thanks