Thursday, August 18, 2016

Bro 2.5 Beta

We are happy to announce the beta of Bro v2.5 is available for download! Here is a brief summary of some of the new features and improvements:
  • Bro now includes the NetControl framework. This framework allows easy interaction with hard- and software switches, firewalls, etc. 
  • Support for the SMB protocol (SMB1 and SMB2), including GSSAPI and NTLM.
  • Support for the remote framebuffer protocol (RFB), that is used by VNC servers for remote graphical display.
  • The Intelligence framework was refactored and extended. It now supports, for example subnet indicators and item deletion/expiration.
Binary packages of the beta are also available.

See NEWS for preliminary release notes and CHANGES for the exhaustive commit list.

Feedback is encouraged and should be sent to the Bro mailing list. As previously stated, we do not recommend using a beta release for production use.

Thursday, July 14, 2016

@Bro_IDS: Your Bro News Feed

Since we created the Bro Twitter account @Bro_IDS in 2011, the channel has turned into one of the most effective ways for reaching out to the Bro community. Every Tweet now reaches more than 5000 followers and counting.

While @Bro_IDS serves us as a microphone for our own updates, we have also always been liberal with retweeting news from the broader Bro community, hoping to help create visibility for Bro’s diverse user population around the world. However, with the tremendous audience that @Bro_IDS is now reaching, there comes responsibility, too. To ensure that the @Bro_IDS team’s decisions remain fair and transparent, the Bro Leadership Team has recently devised a set of guidelines for the account that we would like to share.

Overall, we see @Bro_IDS as serving as a distributor of news related to Bro, covering activity from both the Bro Project itself as well as from the broader community. For the project’s own messages, we may tweet about recent developments, events that the team’s involved with, or external pointers that we deem interesting. As a general rule, if a Tweet originates from @Bro_IDS, it represents the voice of the project.

We use a different policy when retweeting from the community. Generally, we are happy to retweet Bro-related news from users and organizations; just make sure to include @Bro_IDS in your Tweet so that we will see it. This does explicitly include corporate announcements—we are happy to provide visibility for, e.g., products and services, or relevant job postings, as long as they involve a substantial Bro component. However, @Bro_IDS does not endorse external organizations or content. When we retweet, we do so from a neutral perspective, and without judgement.

Our rules for deciding what to retweet are pretty straight-forward: the Tweet must be directly related to Bro; it must not substantially overlap with anything we have already passed on recently; and it must not create the impression, directly or indirectly, that the Bro Project would endorse the content. As an exception, for non-commercial activity we may occasionally also forward news that’s not directly Bro-centric if it still appears relevant to a large part of the Bro community; examples would be the newest OpenSSL vulnerability, or an interesting research paper in the space. We usually do not retweet follow-up conversations unless there’s significant additional information that warrants an update on its own.

We believe that through this policy, @Bro_IDS can serve the Bro community as a valuable, fair source of news. To receive all the updates, make sure to follow @Bro_IDS. If you want to reach the Bro community for your announcement, include @Bro_IDS in your Tweet.

The Bro Team

Saturday, June 4, 2016

BroCon ’16 CFP deadline extended to June 10th

Bro Community,

We are extending the BroCon ’16 call for presentations deadline to Friday, June 10th. For more information about the CFP, see our blog post. And don't forget to register!

See you in September,

The Bro Project

Friday, May 27, 2016

Reminder: Upgrade your Bro installation! Stability updates in 2.4.1

Reminder: Upgrade your Bro installation! Stability updates in 2.4.1

Bro 2.5 is not far away, but in the meantime you should upgrade to Bro 2.4.1. This is the latest stable release. If you are running 2.4 the upgrade to 2.4.1 won't break your config. This release contains important fixes without changing Bro's functionality.
Not sure which one your version is? 'bro --version' will tell you.

Check the change log here.

Monday, May 23, 2016

Reminder: BroCon ’16 CFP ends Friday June 3rd

Interested in presenting at BroCon ’16 this year? Our call for presentations ends Friday, June 3rd.

We are looking for talks to represent the many applications of Bro. Suitable topics include, but are not limited to:
  • as a tool for solving problems;
  • interesting user stories, solutions, or research projects;
  • a postmortem analysis of a security incident, emphasizing Bro’s contribution;
  • the value Bro brings to your professional work;
  • and, using Bro for more than intrusion detection.
Criteria for evaluating proposals include whether the topic is applicable to multiple types of organizations, gives people ideas to take home and use, can be understood by a broad audience, or is novel to many in the audience. Scrolling through our YouTube Channel may provide some insight into the types of presentations we wish to feature. Plan on limiting your talk to 30-35 minutes with an additional 10 minutes for questions/comments.

Send abstracts (max 500 words) to:
Subject: BroCon 2016 Call for Presentations
Submission due date: Friday, June 3rd
Target date for announcing speakers: Friday July 1st

Proposals are selected by the Bro Leadership Team:
  • Seth Hall, International Computer Science Institute
  • Keith Lehigh, Indiana University
  • Vern Paxson, University of California at Berkeley / International Computer Science Institute
  • Michal Purzynski, Mozilla Foundation
  • Aashish Sharma, Lawrence Berkeley Lab
  • Adam Slagell, National Center for Supercomputing Applications
  • Robin Sommer, International Computer Science Institute

Tuesday, May 17, 2016

Talk to us! - The Bro team's communication channels

Talk to us! - The Bro team's communication channels

Bro is now more than 20 years old. The community has grown in size and diversity. In response we made some changes to the ways the Bro community can communicate with us.


We are currently testing Gitter, a chat system designed for developers. Please join the Bro channel. You can browse to it at, download the native apps, or connect via IRC. Currently, we have a Bro room and Broker room. We're looking forward to seeing you there! The test will go on for a couple more weeks. Please give feedback in Gitter or to about this.


Our IRC channel #bro on Freenode is the well established chat where many people of the community as well as some Bro developers will answer questions.

The Bro Mailing Lists

We also will continue to maintain our mailing lists. The most important ones are,, and is our general user mailing list. If you prefer mail over chat, this should be your first address whenever you get stuck using Bro or want to understand something. Experienced Bro users and members of Bro's developer team answer on this list. is a low traffic mailing list used to announce Bro events, code releases, and other important news. is the mailing list you should subscribe to if you want to follow or participate in discussions on Bro's future from a developer perspective. On this list we discuss design and feature decisions, and also how to resolve problems and bugs. We recently moved automated mails from our ticket system away from this list to reduce the noise. The immediate effect was an increase in productive discussions.


Our Twitter channel is @Bro_IDS. This is our channel for quick and short news, too small for bro-announce or a blog post.

Bro Community and other ways to reach us

More options to listen or talk to us are listed on our Community page.
If you need to talk to us in private about logistics, donation offers, or other special requests, you can write to

A little reminder and request to the community: As an open source project the Bro team tries to help wherever possible with using and developing Bro. Please send technical questions to one of the mailing lists, though; not to That way the broader Bro community gets a chance to chime in as well, and everybody will benefit from any responses.

The Bro User Community

We want to take this opportunity to thank all our users and contributors! Please keep talking to us.

Friday, January 29, 2016

BroCon ’16: Sept. 13th - 15th in Austin, TX

We are happy to announce that BroCon ’16 will occur on Tuesday, September 13th - Thursday, September 15th at the Texas Advanced Computing Center in Austin, Texas.

See our event page:

Early bird registration is open! CFP is open!

Interested in sponsoring BroCon? Contact us at for more information.

Thank you for your continued support, and see you in September!

The Bro Project