Bro v2.6.1 release: powerful network analysis framework

Bro Network Security Monitor

Bro is a powerful framework for network analysis and security monitoring. It is a powerful system that on top of the functionality it provides out of the box, also offers the flexibility to customize analysis pretty much arbitrarily

Bro Network Security Monitor


  • Adaptable

    Bro’s domain-specific scripting language enables site-specific monitoring policies.

  • Efficient

    Bro targets high-performance networks and is used operationally at a variety of large sites.

  • Flexible

    Bro is not restricted to any particular detection approach and does not rely on traditional signatures.

  • Forensics

    Bro comprehensively logs what it sees and provides a high-level archive of a network’s activity.

  • In-depth Analysis

    Bro comes with analyzers for many protocols, enabling high-level semantic analysis at the application layer.

  • Highly Stateful

    Bro keeps extensive application-layer state about the network it monitors.

  • Open Interfaces

    Bro interfaces with other applications for real-time exchange of information.

  • Open Source

    Bro comes with a BSD license, allowing for free use with virtually no restrictions.

Bro v2.6.1 releases.


  • * Improve introspection of Record and TypeType values (Jon Siwek, Corelight) 
  • * TypeType values are now printable and yield the type name/alias
  • * Fix record_fields BIF to return correct type name for fields
  • * Allow TypeType values that point to a RecordType to be used with record_fields BIF 
  • * Bro plugins should support a patch version (x.y.z) (Jon Zeolla)
  • * GH-148: add priority to DNSSEC event handlers (Jon Siwek, Corelight)


  • * DNSSEC support (Fatema Bannat Wala)
  • More




Copyright (c) 1995-2016, The Regents of the University of California through the Lawrence Berkeley National Laboratory and the International Computer Science Institute. All rights reserved.