Hi,
I had a general question regarding Bro.
Can we classify it under Rule based or Anomaly based as usually IDSs are
classified ?
I would guess it is a Rule based one. Is there any anomaly detection in
Bro ?
When it is stated that an IDS can withstand upto or greater than 'X'
Mbps,
do we make any assumptions regarding the number of rules in the
rule-based IDS ?
I would think as the rules increases, the traffic that the IDS can
withstand should decrease.
thanks a lot
Ashley