Changeset View
security/zeek/pkg-descr
Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS) | Zeek (formally known as Bro) is an open-source, Unix-based Network | ||||
that passively monitors network traffic and looks for suspicious activity. | Intrusion Detection System (NIDS) that passively monitors network | ||||
Bro detects intrusions by first parsing network traffic to extract its | traffic and looks for suspicious activity. Zeek detects intrusions | ||||
matthew: s/Bro/Zeek/
application-level semantics and then executing event-oriented analyzers that | by first parsing network traffic to extract its application-level | ||||
compare the activity with patterns deemed troublesome. Its analysis includes | semantics and then executing event-oriented analyzers that compare | ||||
detection of specific attacks (including those defined by signatures, but | the activity with patterns deemed troublesome. Its analysis includes | ||||
also those defined in terms of events) and unusual activities (e.g., certain | detection of specific attacks (including those defined by signatures, | ||||
hosts connecting to certain services, or patterns of failed connection | but also those defined in terms of events) and unusual activities | ||||
attempts). | (e.g., certain hosts connecting to certain services, or patterns | ||||
of failed connection attempts). | |||||
ler: s/formally/formerly/
| |||||
Bro is documented in the USENIX 1998 Security Conference proceedings. | Zeek is documented in the USENIX 1998 Security Conference proceedings | ||||
(as Bro). | |||||
matthew: And again s/Bro/Zeek/
| |||||
WWW: https://www.bro.org/ | WWW: https://www.zeek.org/ |
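Review bot: The first added line of pkg-descr reads "Zeek (formally known as Bro)", which should be "formerly known as Bro". As written it says Bro is the official name rather than the previous one, and the later "(as Bro)" note on the USENIX sentence only makes sense with "formerly". Since the WWW line also moves from bro.org to zeek.org, the description is the one place a user searching for the old name will learn about the rename, so the wording should be fixed before this lands.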
s/Bro/Zeek/