Bro Signature Framework Examples

Hello everyone,
for testing purposes, I want to run Bro with signatures (similar to Snort).
On https://www.bro.org/sphinx/frameworks/signatures.html it is described how to configure bro to use a signature file.
However, I did not find a sample signature file. Also, it is stated that Snort signatures can no longer be transfered to Bro.
Is there another way to (easily) import a bulk of the most common signatures? Is there any example file?
Thanks,
Myra

Myra,

If you look under policy/frameworks/signatures/detect-windows-shells.sig:
https://github.com/bro/bro/blob/master/scripts/policy/frameworks/signatures/detect-windows-shells.sig

You’ll find an example signature that ships with Bro. Additionally, each protocol analyzer is enabled by a signature used in the dynamic protocol detection (dpd) process; for example please see http’s signature:
https://github.com/bro/bro/blob/master/scripts/base/protocols/http/dpd.sig

There are a lot of novel uses of signatures in Bro; in Jon bitcoin mining protocol detection he uses a signature to enable an analysis process:
https://github.com/jsiwek/bro_bitcoin

Many of the “signatures” you would use to find basic indicators of compromise (domains, ip addresses, file hashes, etc) are handled by the intelligence framework:
https://www.bro.org/sphinx/frameworks/intel.html

V/r,

Liam Randall