Bro
- Patch for writing logs from Bro to Elasticsearch 2.x: Elastic does not accept dots in field names, and there are timestamping issues. https://github.com/danielguerra69/bro-debian-elasticsearch
- Logstash plugin for Bro - https://github.com/BrashEndeavours/logstash-input-bro
- Security Onion bro scripts - https://github.com/Security-Onion-Solutions/securityonion-bro-scripts
- Kafka plugin for Bro - https://github.com/g-clef/KafkaLogger
- scan-udp - https://github.com/sethhall/bro-junk-drawer/blob/master/scan_udp.bro
- Seth's bro scripts - https://github.com/sethhall/bro-junk-drawer/
- Bro top - https://github.com/criticalstack/brotop/
- Generate logstash configuration from Bro log headers - http://brostash.herokuapp.com/
Bro supports CSV as well as JSON formats for logs. You can use JSON to send logs to Elasticsearch using the bro-elastic plugin. In addition, Elastic has also written a "de_dot" plugin to avoid the dot issue in field names.
- Bro scripts to filter out large and fast flows -
- Bro troubleshooting - https://speakerdeck.com/vladg/bro-deployment-verification-and-troubleshooting