Hello all,
I need to compare how bro and snort handle attacks in traffic captures.
I have my snort "sig" files, but I don't know the proper syntax of the
command-line statement.
I used snort2bro to read my snort.conf file and the result was a file
with a number of bro signatures that I called snort.sig:
signature sid-xxx {
:
:
}
Can anyone help? I am using bro 0.8. I need to call the .sig file and
read my tcpdump capture file at the same time.
Thanks,
Bryan
Florida Tech