I had a general question regarding Bro.
Can we classify it under Rule based or Anomaly based as usually IDSs are
I would guess it is a Rule based one. Is there any anomaly detection in
When it is stated that an IDS can withstand upto or greater than 'X'
do we make any assumptions regarding the number of rules in the
rule-based IDS ?
I would think as the rules increases, the traffic that the IDS can
withstand should decrease.
thanks a lot