diff --git a/bro/Dockerfile b/bro/Dockerfile
new file mode 100644
index 0000000..bd1d347
--- /dev/null
+++ b/bro/Dockerfile
@@ -0,0 +1,20 @@
+#
+# Dockerfile for bro
+#
+
+FROM debian:jessie
+MAINTAINER kev
+
+RUN apt-get update \
+ && apt-get install -y curl \
+ && curl http://download.opensuse.org/repositories/network:bro/Debian_8.0/Release.key | apt-key add - \
+ && echo 'deb http://download.opensuse.org/repositories/network:/bro/Debian_8.0/ /' > /etc/apt/sources.list.d/bro.list \
+ && apt-get update \
+ && apt-get install -y bro \
+ && rm -rf /var/lib/apt/lists/*
+RUN echo 'export PATH=/opt/bro/bin:$PATH' >> /root/.bashrc
+
+WORKDIR /opt/bro/logs
+
+ENTRYPOINT bro -i
+CMD ${DEVICE:-eth0}
diff --git a/bro/README.md b/bro/README.md
new file mode 100644
index 0000000..a93d153
--- /dev/null
+++ b/bro/README.md
@@ -0,0 +1,29 @@
+`Bro` is a powerful system that on top of the functionality it provides out of
+the box, also offers the flexibility to customize analysis pretty much
+arbitrarily. We provide a range of documentation material ranging from
+introductory material to get you started, to full references of Bro’s various
+frameworks.
+
+## docker-compose.yml
+
+```
+bro:
+ image: vimagick/bro
+ volumes:
+ - ./logs:/opt/bro/logs
+ environment:
+ - DEVICE=eth0
+ net: host
+```
+
+## up and running
+
+```
+$ cd ~/fig/bro/
+
+$ docker-compose up -d
+
+$ docker exec -it bro_bro_1 bash
+>>> tail -n +1 -f http.log | bro-cut -d ts user_agent
+>>> exit
+```
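Review bot: The shell-form `ENTRYPOINT bro -i` at the end of the hunk discards `CMD`, so `${DEVICE:-eth0}` is never passed and bro is started with `-i` and no interface; a shell-form ENTRYPOINT runs through `sh -c` and does not have CMD appended. That non-interactive shell also does not read `/root/.bashrc`, so the `PATH` export two lines above is invisible to the entrypoint unless the package already puts `bro` on the default PATH — `ENV PATH=/opt/bro/bin:$PATH` is the reliable form. Replacing the last two lines with `ENTRYPOINT ["/bin/sh", "-c", "exec /opt/bro/bin/bro -i \"${DEVICE:-eth0}\""]` keeps the env-var default and makes bro PID 1 so it receives `docker stop`'s signal. Separately, the repository signing key is fetched over plain `http://` and piped straight into `apt-key add -`, and the `deb` line is also `http://`, so anyone on the build path can substitute both the key and the packages that then run as root in the image; fetch it with `curl -fsSL` over HTTPS where the host serves it, and compare the key's fingerprint against the value published by the project before adding it. The image also has no `USER` and so runs bro as root; capture needs capabilities, but that is better granted with `--cap-add NET_RAW`/`NET_ADMIN` on a non-root user than by running everything as root.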