Use cases of Bro for Threat hunting

Hi all,

Can you please share some use cases of Bro in threat hunting? For example, Bro logs in terms of validating a particular hypothesis for threat hunting. I will really appreciate it if you can share some great resources here.
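As an added worked example of the kind of hypothesis check the question asks about (this is an illustration written for this page, not code posted by anyone on the thread and not part of the Bro project): take the hypothesis "an internal host is beaconing to a fixed external peer on a regular interval", parse a Bro conn.log in its native ASCII TSV format, and score every (orig_h, resp_h, resp_p) triple by how regular its connection start times are. The sample conn.log lines, hosts, ports and the thresholds (six connections, coefficient of variation of the gaps at most 0.2) are constructed for the example.

```python
"""Hypothesis test over a Bro conn.log: "a host is beaconing to a fixed external
peer on a regular interval". Parses Bro's ASCII TSV format, then scores each
(orig_h, resp_h, resp_p) triple by the regularity of its connection start times."""
import statistics
from collections import defaultdict

# Cast Bro #types to Python values; anything else stays a string.
_CASTS = {"time": float, "interval": float, "double": float,
          "count": int, "int": int, "port": int}


def parse_bro_log(text):
    """Return a list of dict rows from a Bro ASCII log, honouring the
    #separator, #fields, #types, #unset_field and #empty_field headers."""
    sep, unset, empty = "\t", "-", "(empty)"
    fields = types = None
    rows = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#separator "):
            # Bro writes the separator as the escaped literal "\x09"; decode it.
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
            continue
        if line.startswith("#"):
            key, *vals = line[1:].split(sep)
            if key == "unset_field":
                unset = vals[0]
            elif key == "empty_field":
                empty = vals[0]
            elif key == "fields":
                fields = vals
            elif key == "types":
                types = vals
            continue  # #set_separator, #path, #open, #close are not needed here
        if fields is None or types is None:
            raise ValueError("data line before #fields/#types header")
        vals = line.split(sep)
        if len(vals) != len(fields):
            raise ValueError(f"column count mismatch: {line!r}")
        row = {}
        for name, typ, val in zip(fields, types, vals):
            if val == unset:
                row[name] = None
            elif val == empty:
                row[name] = ""
            else:
                row[name] = _CASTS.get(typ, str)(val)
        rows.append(row)
    return rows


def find_beacons(rows, min_conns=6, max_cv=0.2):
    """Flag (orig_h, resp_h, resp_p) triples whose inter-connection gaps are
    regular: coefficient of variation of the gaps <= max_cv over >= min_conns
    connections. A low CV over many connections supports the hypothesis; the
    analyst still has to rule out legitimate pollers (NTP, update checks)."""
    by_peer = defaultdict(list)
    for r in rows:
        by_peer[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(r["ts"])
    hits = []
    for (orig, resp, port), times in by_peer.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append({"orig": orig, "resp": resp, "port": port, "count": len(times),
                         "mean_gap": round(mean, 1), "cv": round(cv, 3)})
    return sorted(hits, key=lambda h: h["cv"])


def _line(*cols):
    return "\t".join(cols)


# Constructed conn.log (not a real capture): one ~60 s beacon, one irregular
# HTTP client, and two DNS rows exercising the unset ("-") and empty fields.
BEACON_TS = [1500000000.0, 1500000060.4, 1500000119.9, 1500000180.3,
             1500000240.1, 1500000299.8, 1500000360.2, 1500000419.7]
NOISE_TS = [1500000005.0, 1500000012.0, 1500000130.0, 1500000131.0,
            1500000400.0, 1500000402.0]
SAMPLE_CONN_LOG = "\n".join(
    ["#separator \\x09", _line("#set_separator", ","), _line("#empty_field", "(empty)"),
     _line("#unset_field", "-"), _line("#path", "conn"),
     _line("#fields", "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
           "proto", "service", "duration", "orig_bytes", "resp_bytes", "conn_state"),
     _line("#types", "time", "string", "addr", "port", "addr", "port",
           "enum", "string", "interval", "count", "count", "string")]
    + [_line(f"{t:.6f}", f"CB{i}", "10.0.0.5", "49152", "203.0.113.7", "443",
             "tcp", "ssl", "0.3", "512", "1024", "SF") for i, t in enumerate(BEACON_TS)]
    + [_line(f"{t:.6f}", f"CN{i}", "10.0.0.9", "51000", "198.51.100.3", "80",
             "tcp", "http", "1.2", "300", "9000", "SF") for i, t in enumerate(NOISE_TS)]
    + [_line("1500000007.000000", "CD0", "10.0.0.5", "53123", "192.0.2.10", "53",
             "udp", "dns", "-", "-", "-", "S0"),
       _line("1500000700.000000", "CD1", "10.0.0.5", "53124", "192.0.2.10", "53",
             "udp", "(empty)", "0.01", "60", "120", "SF"),
       _line("#close", "2017-07-14-03-00-00")])

if __name__ == "__main__":
    for h in find_beacons(parse_bro_log(SAMPLE_CONN_LOG)):
        print(f"{h['orig']} -> {h['resp']}:{h['port']}: {h['count']} conns, "
              f"every ~{h['mean_gap']}s (cv={h['cv']})")
```

Run against a real conn.log by passing the file contents to `parse_bro_log`; the same parser works for any Bro ASCII log (dns.log, http.log, ssl.log), so the hypothesis function is the only part that changes per hunt.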



Here’s a link to some use case examples -

I’m sure others on the list can point you to more specific use cases.


One useful source might be Liam Randall’s training materials, which you can find at

An example of identifying and tracing the behavior of specific malware samples is

Additionally, some of the presentations at BroCon 2017 went into detail about identifying/analysing specific real-world threats: