Hello,
The connection log generated by Bro provide a services field which declare the application layer protocol which was used in that connection, I’ve noticed that it sometimes uses ’ - ’ instead of known protocol, could you please tell what does this sign stand for?