Intrusion prevention

Is there any plan to make Bro run in 'inline' mode as an IPS ?

We're doing this as part of a DOE-sponsored project for coupling Bro with
custom hardware (per Chema's comments about his thesis work). The resulting
design will support Bro running as a stand-alone IPS (i.e., without needing
the custom hardware), though that's not our near-term focus.

    Vern

Will it be interfacing with a firewall like iptables (like snort-inline does) ?

Thanks

Adayadil Thomas wrote:

Will it be interfacing with a firewall like iptables (like snort-inline
does) ?

Sort of.

I'm writing the details for my thesis. Will let you know once it's
finished.

-Chema