Intrusion prevention


Is there any plan to make Bro run in 'inline' mode as an IPS ?


As part of my thesis work, I've instrumented Bro to work as IPS. (It
just requires injecting back traffic after having analyzed it.)


Adayadil Thomas wrote:

I don't really know what the plans are but I find that bro runs better as a application logger rather then something like snort. This is just my $0.02 so plz take it as such :slight_smile:


Adayadil Thomas wrote: