Can Bro detect some attacks against Microsoft OS vulnerability?

Hello, all.

I have a question about Bro rules.
Does Bro have some rules of detecting attacks against Microsoft OS

I attempted to attack against MS03-026 vulnerability of Windows_XP_SP1
on the VMware using Dcom attack code.
Though, Bro does not detect this attack.

If you have a lot of infomation relating to these problem, could you
give me advice?

Thank you.


As far i know, "Bro" relies on specific network patterns to detect bad things,
as soon as there's one that match, the IDS will fire up an alarm.

So if "Bro" knows about the DCOM attack, it'll send a notification.

Best regards.