Friday, August 9, 2013

Bropening Statements

Welcome! If you are looking to learn more about Bro as a programming language, you have come to the right place. Bro is a network monitoring platform that can provide insight into what is happening on a network or what has happened within a trace file. Bro has the capabilities to collect traffic to a trace file, identify specific patterns within traffic, and summarize flows. Bro can provide the same capabilities provided by tcpdump, Snort, and netflow combined. And more!

Bro is also programmable, meaning an operator is able to script across the previously mentioned capabilities. It comes with a large set of default and tunable scripts. These included scripts are used to build Bro modules and frameworks which extend what Bro can do. As Bro is extremely extensible, mastering its domain-specific language unlocks the potential of Bro.

This site is dedicated to programming with the Bro language. The Bro documentation can be intimidating for beginners, and the constant development that makes Bro so useful means keeping up can be a challenge. For these reasons, I intended to post a series of 'getting started' articles for understanding the fundamentals of programming with Bro.

I hope you find this blog useful. Feel free to leave comments if you have any questions or suggestions.

  1. Any way to get SSL certificate count in ssl_conn_established function in Bro? Is it possible?