Snort to Bro

Jules · March 9, 2007, 9:53am

hi there

How can i convert Snort rules to BRO ?

regards,
Jules

robin · March 9, 2007, 7:09pm

Bro ships with a script snort2bro but is it somewhat outdated and
does not support some of the newer Snort options.

Robin

Jules · March 9, 2007, 7:29pm

Thanks Robin

is there any better solution? Can i just rely on Bro policies? will that be enough? is there a real difference betwen the snort rules and Bro policies?

Robin Sommer wrote:

robin · March 9, 2007, 8:13pm

Well, the systems' detection approaches are quite different. Bro
does not primarily rely on pattern matching as Snort does; its
policies use a different abstraction. You can't really compare the
two.

Robin

Topic		Replies	Views
Snort to Bro Zeek	1	55	May 6, 2022
is snort2bro missing from 0.9-current Zeek	1	68	May 6, 2022
is snort2bro missing from 0.9-current Zeek	1	82	May 6, 2022
False positive Zeek	4	59	May 6, 2022
how to use a snort rule in Bro Zeek	1	51	May 6, 2022

Snort to Bro

Related Topics