Bro
- Patch for writing logs from Bro to Elasticsearch 2.x: Elasticsearch 2.x does not accept dots in field names, and there are timestamping issues - https://github.com/danielguerra69/bro-debian-elasticsearch
- Logstash plugin for Bro - https://github.com/BrashEndeavours/logstash-input-bro
- Security Onion Bro scripts - https://github.com/Security-Onion-Solutions/securionion-bro-scripts
- Kafka plugin for Bro - https://github.com/g-clef/KafkaLogger
- scan-udp - https://github.com/sethhall/bro-junk-drawer/blob/master/scan_udp.bro
- Seth's Bro scripts - https://github.com/sethhall/bro-junk-drawer/
- Bro top - https://github.com/criticalstack/brotop/
- Generate logstash configuration from Bro log headers - http://brostash.herokuapp.com/
Bro supports CSV as well as JSON log formats. You can use JSON to send logs to Elasticsearch with the bro-elastic plugin. In addition, Elastic has also written a plugin, "de_dot", to avoid the dot issue in field names.
- Bro scripts to filter out large and fast flows -
- Bro troubleshooting - https://speakerdeck.com/vladg/bro-deployment-verification-and-troubleshooting
- Bro snippets - https://github.com/anthonykasza/scratch_pad
- Scripts to help beginners program in Bro - https://github.com/anthonykasza/beginner_brogramming
- http://blog.opensecurityresearch.com/2014/03/identifying-malware-traffic-with-bro.html
- https://www.crowdstrike.com/blog/maximizing-network-threat-intel-bro/
- PCAP files - https://github.com/aboutsecurity/Bro-samples/
- Sad state of security intelligence - https://www.hurricanelabs.com/blog/bad-formatting-options-the-sad-state-of-security-intel
- MAC-IP associations - https://gist.github.com/grigorescu/a28b814a8fb626e2a7b4715d278198aa