Hi
Are there any Bro rules available via HTTP (like Open EmergingThreats)?
Thanks
Matthieu
As a long-time Snort user, I asked a similar question when I first started getting into Bro.
The short of it is no.
If you're looking for a repository that is constantly updated, I don't know of anything like that available.
However, if you want a similar function to ET rules available to you, Bro can do that.
Based on my needs I decided to write some Bro scripts that perform a similar function to my most triggered ET rules.
In the same vein, you can find scripts/sigs on GitHub that may be of interest to you.
Snort2bro really is the kind of endgame for this and I have wanted to revive this project for a number of years. One of my guys has been working on it for about 6 months and has made some progress; however, he is leaving in December. I intend to continue development myself at that time.
Regards,
Eric