From jonkman at jonkmans.com Mon Jun 30 14:07:55 2008
From: jonkman at jonkmans.com (Matt Jonkman)
Date: Mon, 30 Jun 2008 14:07:55 -0400
Subject: [Emerging Threats Announce] New Project: BRO Signatures
Message-ID: <486920FB.8090803@jonkmans.com>

By request we've a new project to share with you. CS Lee has led the drive to get this going and is doing the heavy lifting in making it happen.

What we are starting is a BRO Signature repository. We have many ET users already familiar with BRO. Over the last few months I've had a number of requests that some of our sigs be converted to BRO as many use both tools in different parts of their networks. Thanks to CS Lee for stepping up to lead this and get the work done.

As many of you know, BRO is not intended to be a deep packet inspection engine as Snort is. BRO works more at the global level correlating trends and patterns over time vs individual attacks. It's a great tool, very powerful and used in many of the largest networks around the world, especially the gov't sector. You can learn more about BRO here -- http://www.bro-ids.org

This project, nicknamed Emerging-Bro, is NOT going to be a full sig-for-sig conversion of our entire ET ruleset to BRO. It will NOT be an automated conversion script. BRO does not need an entire Snort ruleset converted to it; it looks for many very different things. But there are some things we can contribute, especially high-profile current threats.

CS Lee intends to convert the most important, and high-threat signatures to BRO as needed. He of course can use some help. If you're a BRO user or have some experience please hop in and help out. You can contact him at bro at emergingthreats.net.

You can view the signatures already available here:

http://www.emergingthreats.net/bro/

For the time being we'll have normal bro discussions on the emerging-sigs list, as most issues should be relevant to the same rule in both formats. But if there's a need we'll spin off a new list for bro specific discussions.

We will also have versions of our IP lists (RBN, Bot CnC, Spamhaus DROP, and others) available in that directory, updated daily as usual.

If you have questions or sigs to go specifically to bro please email CS Lee at bro at emergingthreats.net or the usual address threats at emergingthreats.net.

-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc