I am successfully running BRO 0.90 in a test environment. Now I would like to write (and contribute to the BRO project) an LDAP analyzer. I have a customer that wants to monitor and protect their LDAP repository. What I am proposing is installing BRO specifically tuned and configured for LDAP analysis.
Obviously, I'm new to BRO. I looked through the documentation and was not able to find anything on extending BRO's collection of analyzers. I'm especially interested in how to define event_handlers for custom policy scripts that leverage the LDAP analyzer. Can anybody vector me in the right direction?