Snort 2 Bro Utility

rahul_rakesh · April 2, 2018, 6:43am

Dear Team,

Can anyone please share snort2bro utility as i just wanted to know how the conversion is done. It will help me writing signatures.

Regards,

Rahul

Patrick_Kelley · April 2, 2018, 1:43pm

Rahul,

That utility has been long deprecated, largely due to difference in approach by Snort and Bro.

I’ll share the demo signature below. As always, feel free to reach out directly, should you need.

signature my-first-sig {
    ip-proto == tcp
    dst-port == 80
    payload /.*root/
    event "Found root!"
}

Topic		Replies	Views
False positive Zeek	4	54	May 6, 2022
load snort signature in bro Zeek	1	88	May 6, 2022
signatures: pros/cons, future plans for bro Zeek	2	66	May 6, 2022
Using snort signatures in Bro Zeek	2	59	May 6, 2022
is snort2bro missing from 0.9-current Zeek	1	66	May 6, 2022