Bro is a powerful network analysis framework, and it differs from a conventional IDS in many ways. Compared with general-purpose network traffic analysis tools, it focuses on network security monitoring and provides a complete platform to build on. What makes Bro special:
Adaptable: Bro’s domain-specific scripting language enables site-specific monitoring policies.
Efficient: Bro targets high-performance networks and is used operationally at a variety of large sites.
Flexible: Bro is not restricted to any particular detection approach and does not rely on traditional signatures.
Forensics: Bro comprehensively logs what it sees and provides a high-level archive of a network’s activity.
In-depth Analysis: Bro comes with analyzers for many protocols, enabling high-level semantic analysis at the application layer.
Highly Stateful: Bro keeps extensive application-layer state about the network it monitors.
Open Interfaces: Bro interfaces with other applications for real-time exchange of information.
Open Source: Bro comes with a BSD license, allowing for free use with virtually no restrictions.
Tool download: http://www.bro-ids.org/download/index.html