Bro Network Security Monitor
Bro is a powerful framework for network analysis and security monitoring. It is a powerful system that on top of the functionality it provides out of the box, also offers the flexibility to customize analysis pretty much arbitrarily
Bro’s domain-specific scripting language enables site-specific monitoring policies.
Bro targets high-performance networks and is used operationally at a variety of large sites.
Bro is not restricted to any particular detection approach and does not rely on traditional signatures.
Bro comprehensively logs what it sees and provides a high-level archive of a network’s activity.
Bro comes with analyzers for many protocols, enabling high-level semantic analysis at the application layer.
Bro keeps extensive application-layer state about the network it monitors.
Bro interfaces with other applications for real-time exchange of information.
Bro comes with a BSD license, allowing for free use with virtually no restrictions.
Bro v2.6.1 releases.
- * Improve introspection of Record and TypeType values (Jon Siwek, Corelight)
- * TypeType values are now printable and yield the type name/alias
- * Fix record_fields BIF to return correct type name for fields
- * Allow TypeType values that point to a RecordType to be used with record_fields BIF
- * Bro plugins should support a patch version (x.y.z) (Jon Zeolla)
- * GH-148: add priority to DNSSEC event handlers (Jon Siwek, Corelight)
- * DNSSEC support (Fatema Bannat Wala)
Copyright (c) 1995-2016, The Regents of the University of California through the Lawrence Berkeley National Laboratory and the International Computer Science Institute. All rights reserved.