Thursday, June 29, 2017

Bro Package Manager: list of packages

While we’re in the process of developing a web site for the Bro Package Manager project, we’d like to share the packages we have collected so far. The package names and a short description are listed below. 

Source: https://github.com/bro/packages
To learn how to use the Package Manager, see our documentation. 


| Contributor | Package Name | Description |
|---|---|---|
| jsiwek | | An example Bro package for testing purposes |
| 0xxon | | PostgreSQL reader and writer for Bro |
| 0xxon | | Two-dimensional buckets for sumstats (count occurrences per $str) |
| Corelight | | Find and log long-lived connections into a "conn_long" log |
| dopheide | | Adds support for multi-notice correlation |
| dopheide | | The Linux VENOM rootkit |
| Hhzzk | | Detect DNS Tunnels attack |
| initconf | | Detection for Apache Struts recon and compromise |
| initconf | | Phish email analysis |
| initconf | | Scan-detection policies for Bro |
| j-gras | | Additional JSON-logging for Bro |
| j-gras | | This plugin provides native AF_Packet support for Bro |
| j-gras | | Extensions for Bro's intelligence framework |
| joesecurity | | Extracts files from your internet connection and analyzes them automatically on Joe Sandbox |
| jonzeolla | | Modified version of scan.bro to add destination IP sampling |
| jswaro | tcprs | TCP Retransmission and State Analyzer plugin for Bro |
| Ncsa | | A broctl plugin that helps you set up capture interfaces |
| pgaulon | | Bro Notices through Slack webhook |
| Scebro | | LDAP write operations analyzer for Bro |
| sethhall | | Packet source plugin that provides native Myricom SNF v3+v4 support |
| sethhall | | Detect credit card numbers in HTTP and SMTP with Bro |
| sethhall | | Bro script library for getting the effective TLD of a domain |
| sethhall | | Detect US Social Security numbers in HTTP and SMTP with Bro |
| srozb | | Find and notice DNS zone transfer attempts |
| theflakes | | Raise notices on outgoing files over X bytes in size |

Tuesday, June 27, 2017

Bro 2.5.1 released

We are very happy to announce the release of Bro v2.5.1. The new version is now available for download! This release contains a number of bug fixes. Fixes include:
  • Better file analysis memory management
  • Less cluster node communication
  • Correct expiration of intelligence items after reinsertion
  • A bug in the OCSP validation code

This point release also includes a number of new features, including new file handling BIFs, support for ERSPAN, and new BroControl options.

For more information see the NEWS and CHANGES files:
  https://www.bro.org/download/NEWS.bro.html
  https://www.bro.org/download/CHANGES.bro.txt

Feel free to use our mailing list or the bug tracker to provide feedback or report problems.

Wednesday, June 7, 2017

Bro 2.5.1 Beta

The beta version of Bro 2.5.1 is now available for testing and can be downloaded at https://bro.org/download/index.html. Binary packages are also available at https://bro.org/download/beta-packages.html.

This release contains a number of bug fixes. Fixes include:
  • Better file analysis memory management
  • Less cluster node communication
  • Correct expiration of intelligence items after reinsertion
  • A bug in the OCSP validation code

This point release also includes a number of new features, including new file handling BIFs, support for ERSPAN, and new BroControl options.

For more information see the NEWS and CHANGES files:
  https://www.bro.org/documentation/beta/NEWS.bro.html
  https://www.bro.org/documentation/beta/CHANGES.bro.txt

Feel free to use our mailing list or the bug tracker to provide feedback or report problems.