bro not alert nessus attack

Hi Bz Oz,

It depends on what you are testing with nessus and how are you testing it.
Bro should be able to detect scanning, ssh-bruteforce, sql injection, htp-bruteforce etc. by default.
Hence, if you are scanning the systems from your nessus machine, and if Bro is able to sniff that traffic, then scanning get reported in notice.log file.
It might not able to detect all the attacks that you launch from nessus, unless you have custom scripts/plugins installed in Bro.