Now that it's the new year, I wanted to take a second to reiterate the changes that are coming to the project and where we are going.
We are several months into a 3-year grant from the National Science Foundation for improving the project on all fronts, including code quality and supportability, "out of the box" detections, improved user support, and new documentation. We are planning on creating much more community involvement as well.
One way that anyone can get involved is to participate in the script comment periods that are going to be taking place soon on the bro-dev mailing list. We will be auditing and cleaning up *all* of the existing Bro scripts. It should be a good way for users to slowly accumulate knowledge about how Bro works and what it can and does detect.
This year we have the 1.6 release to look forward to, which will have some major changes along with some minor ones. *Lots* of tickets in the tracker will be closed. If you pay attention to various sources, you'll probably hear about many of the features as they are developed.
Short upcoming list:
Snort/Suricata alerts supported in Bro through Barnyard2 (next release of barnyard2)
A few resources:
Please report bugs! http://tracker.icir.org/bro
Feel free to lurk on the bro-dev list! http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
One final item: I'm available for speaking engagements about all aspects of Bro (introduction to Bro, large/small installations, trace file processing, debugging, development, general advocacy, whatever). Please send email to email@example.com to see if I can attend your event.
I'm really looking forward to 2011 and helping you answer questions about your network (along with finding intruders, of course)!