Check Syntax Bro scripts


Are there any Bro rules available via HTTP (like Open EmergingThreats) ?


As a long time snort user, I asked a similar question when I first started getting into Bro.

The short of it is no.

If you're looking for a repository that is constantly updated, I don't know of anything like that available.

However, if you want a similar function to ET rules available to you, Bro can do that.

Based on my needs I decided to write some Bro scripts that perform a similar function to my most triggered ET rules.

In the same vein you can find scripts/sigs on github that may be of interest to you.

Snort2bro really is the kind of endgame for this and I have wanted to revive this project for a number of years. One of my guys has been working on it for about 6 months and has made some progress, however, he is leaving in December. I intend to continue development myself at that time.