Installation of Bro IDS on pfSense
-
This package, pfSense-pkg-bro, allows installing Bro on pfSense and managing Bro settings from the pfSense UI.
-
Cool... are you working with pfSense to have it a part of the package repository? Will you be the maintainer?
-
I'm the maintainer and I'm planning to submit the pull request into the pfsense/FreeBSD-ports repository.
-
Always great to have different options, thank you! As a home user currently and reasonably successfully using Suricata, but always a little confused by its setup... how does Bro compare in terms of ease of setup and use?
-
@occamsrazor Zeek (formerly Bro) needs a good amount of effort to deploy along with solid programming and scripting skills to handle it proficiently.
-
@shadonet01 Thanks, not for me then. But well done on the good work.
-
Hi, sorry for the late response. I figured searching was best -- if I put a bounty, would you consider writing and maintaining, as part of your package, ICAP support with configuration options in the GUI? The goal would be to be able to add/write custom Bro scripts that can be executed from the pipeline of traffic tunneled to Bro from the Squid package(s). https://www.zeek.org/brocon2016/slides/fernandez_icap.pdf