Er, doesn't this come with massive overhead? Also, file inspection rules are non-trivial. Given the number of files that Bro processes, it seems that on anything other than a very tiny link this would cause giant problems…
Erik has a good point about overhead. So for offloading (and because I love Python) I threw together the Bro to Python repo and added a YARA example.
Might be useful if you like Python… shrug… dunno… just throwing it out there