Thursday, October 20, 2016

Contributing to the Bro Project

Recently we have had a number of community members ask us for suggestions for contributing back to the Bro Project. We have updated the Community page on our website to reflect the new options available.

Custom Scripts and/or Plugins

We encourage Bro users to make their custom scripts and/or plugins available to the community by creating a package and submitting it to the Bro Package Source. See the README file of that GitHub repo for more instructions on how to create a package and submit it. Once your package is accepted, it becomes installable via the Bro Package Manager.

Patches and New Functionality

For working on the Bro codebase itself, work from our official GitHub mirrors or clone the master bro.org repositories directly from git://git.bro.org/<repo>. See our contribution guidelines for more information.

Writing Documentation

We are grateful for any corrections or contributions to documentation. Send documentation to info@bro.org or submit a ticket to our issue tracker.

Provide community support

Respond to user questions on the Mailing List, Twitter, IRC, and Gitter.

Financial Support

Become a Bro Future Fund sponsor, make an individual donation, or sponsor Bro events like BroCon.

Monday, October 3, 2016

Introducing the Bro Package Manager

Bro's New Package Manager

After a long period of being on Bro's development projects wishlist, Bro now has a working prototype of a package management tool.  The idea behind it is to provide Bro users with a command-line tool, bro-pkg, that they can use to manage third-party Bro scripts and/or plugins in the form of "packages."  At the same time, the project aims to provide a centralized location for anyone to share the Bro packages that they have developed, making them readily available to users of the package manager.  Ahead, we'll show some examples of its basic functions and capabilities.

Disclaimers

  • bro-pkg is new and there may still be bugs.
  • Packages installed via bro-pkg come with no guarantees.  Anyone is free to submit packages, so don't assume that any particular package is safe to install unless you have reason to trust the author or have reviewed the package's code yourself.

Basic Usage/Workflow

You can see the Bro Package Manager documentation for full usage/setup instructions, but here's a quick example of what using the package manager will look like.

Checking all available packages:
$ bro-pkg list all
bro/0xxon/bro-sumstats-counttable - Two-dimensional buckets for sumstats (count occurences per $str).
bro/broala/bro-long-connections
bro/dopheide/bro_notice_correlation - Adds support for multi-notice correlation.
bro/initconf/scan-NG - Clusterized scan-detection based of bro-1.5.3 scan-detection policies
bro/jonzeolla/scan-sampling - Modified version of scan.bro to add destination IP sampling.
bro/jsiwek/bro-test-package
bro/sethhall/credit-card-exposure - Detect and log credit cards.
bro/sethhall/domain-tld - Bro script library for getting the effective TLD of a domain.
bro/sethhall/ssn-exposure - Detect and log US Social Security numbers.

Searching for interesting packages based on keyword tags:
$ bro-pkg search file analysis
bro/sethhall/credit-card-exposure - Detect and log credit cards.
bro/sethhall/ssn-exposure - Detect and log US Social Security numbers.

Get more information on a package:
$ bro-pkg info credit-card-exposure
"bro/sethhall/credit-card-exposure" info:
    versions: []
    package metadata (from version "master"):
        build_command =
        plugin_dir = build
        script_dir = scripts
        version = 1.1.0
    index metadata:
        description = Detect and log credit cards.
        tags = file analysis, credit card, cc, dlp, data loss
        url = https://github.com/sethhall/credit-card-exposure
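
To act on the second disclaimer above before installing, the following added example (not part of bro-pkg or of the original post) inspects a local checkout of a package and reports the build_command it would run and the files under script_dir and plugin_dir. The metadata file name bro-pkg.meta and its [package] section come from bro-pkg's documentation rather than this page; the helper names and the sample package are constructed for illustration.

```python
import configparser
import tempfile
from pathlib import Path

META_NAME = "bro-pkg.meta"  # file name from bro-pkg's docs; the page does not show it

def review_package(pkg_dir):
    """Report what installing the package checked out at pkg_dir would run and load."""
    root = Path(pkg_dir).resolve()
    meta = configparser.ConfigParser(interpolation=None)  # keep '%' in commands literal
    if not meta.read(root / META_NAME) or not meta.has_section("package"):
        raise ValueError(f"{META_NAME} with a [package] section not found")
    pkg = meta["package"]
    report = {"build_command": pkg.get("build_command", "").strip(),
              "files": [], "warnings": []}
    if report["build_command"]:
        report["warnings"].append("build_command is run as a shell command on install")
    # Keys missing from the metadata are skipped; bro-pkg's defaults are not modelled.
    for key in ("script_dir", "plugin_dir"):
        rel = pkg.get(key, "").strip()
        if not rel:
            continue
        target = (root / rel).resolve()
        if target != root and root not in target.parents:
            report["warnings"].append(f"{key} points outside the package: {rel}")
        elif target.is_dir():
            report["files"] += sorted(p.relative_to(root).as_posix()
                                      for p in target.rglob("*") if p.is_file())
    return report

def write_sample_package(root, build_command="", script_dir="scripts"):
    """Constructed sample package using the metadata keys from the info output."""
    root = Path(root)
    (root / "scripts").mkdir(parents=True)
    (root / "scripts" / "__load__.bro").write_text("@load ./main\n")
    (root / "scripts" / "main.bro").write_text("# constructed placeholder script\n")
    (root / META_NAME).write_text(
        "[package]\n"
        f"build_command = {build_command}\n"
        "plugin_dir = build\n"
        f"script_dir = {script_dir}\n"
        "version = 1.1.0\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = review_package(write_sample_package(Path(tmp) / "pkg", "./configure && make"))
        print(report["build_command"], report["files"], report["warnings"], sep="\n")
```

Run it against a clone of the url shown in the index metadata, then read every listed file and the build command before answering the install prompt.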

Install it:
$ bro-pkg install credit-card-exposure
The following packages will be INSTALLED:
  bro/sethhall/credit-card-exposure (master)
Proceed? [Y/n] y
Installed "bro/sethhall/credit-card-exposure" (master)
Loaded "bro/sethhall/credit-card-exposure"

Later on, you'd check if any packages have been updated:
$ bro-pkg refresh
Refreshed source packages: no changes
Refreshed installed packages: no new outdated packages

And if a new version of any package is available (in this case, it was not), you could upgrade to it:
$ bro-pkg upgrade
All packages already up-to-date.

If you're interested in how to get your own packages listed by bro-pkg, check out the README of the bro/packages GitHub repository.

Roadmap

The only major planned feature to add to bro-pkg is automatic dependency analysis/resolution. For example, packages should be able to specify a particular Bro version that they require and list other packages (and their versions) that they depend on. Then, for packages that specify such dependencies, bro-pkg should be able to install/upgrade those dependencies automatically if the user gives their consent.

Feedback

If you have ideas/suggestions for new features or other feedback, you can find how to get in touch with the Bro team here.

If you find bugs, you can report them on the project's GitHub page.  Patches and pull requests are also welcome.