[Bro] Is there a quickstart method?
dcaldwell at colsa.com
Tue Nov 28 08:42:33 PST 2006
I am seeking a quickstart method to perform the following.
The intended purpose of the Bro install I am working on is to monitor
incoming traffic only. To break it down simply I want to track only
those incoming events that would appear to be malicious (ssh, telnet,
etc). We are trying to upgrade our security situation here, and in
order to get our customer to go along with it we have to show good
reason why we need it. Using Bro to capture malicious attempted
traffic will help us clarify the need for stiffer security measures
than we currently implement.
I am reading the manuals, and looking for the info I need to do just
that. In the case of you, if I can get some pointers to where to look
to do just what I have intended it would speed up the process for
what I have in mind.
We don't however wish to police our own outgoing and responding
traffic. I know this is possible with Bro, and am trying to get this
system up and running asap.
Can anyone provide pointers in the manuals, or other locations for
such a setup?
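The setup asked about above turns on one distinction: which connection records are inbound (originated outside the site's own address space, toward a host inside it) versus outbound or internal. The following is an added example, not code from the poster or from the Bro project, showing that classification in Python over constructed conn.log-style records: it keeps only inbound attempts to ssh (22) and telnet (23) and counts them per source, leaving outgoing and internal traffic alone. The local address ranges, the watched-port mapping and the sample records are all assumptions made for the example.

```python
"""
Added example (not from the original thread): classify connection records by
direction relative to a set of local networks and count inbound attempts to
ssh/telnet only, ignoring outbound and internal connections.
"""
import ipaddress
from collections import Counter

# Assumption: the site's own address ranges (constructed for this example).
LOCAL_NETS = [
    ipaddress.ip_network("192.168.10.0/24"),
    ipaddress.ip_network("10.0.0.0/8"),
]

# Services to watch on the responder side; port -> name (constructed mapping).
WATCHED_PORTS = {22: "ssh", 23: "telnet"}

# Constructed sample records in a conn.log-like tab-separated layout:
# ts, orig_h, orig_p, resp_h, resp_p, proto, conn_state
SAMPLE_LOG = """\
1164724953.0\t203.0.113.5\t51234\t192.168.10.7\t22\ttcp\tS0
1164724954.0\t203.0.113.5\t51235\t192.168.10.8\t22\ttcp\tREJ
1164724955.0\t192.168.10.7\t40001\t203.0.113.9\t22\ttcp\tSF
1164724956.0\t198.51.100.2\t33000\t192.168.10.7\t23\ttcp\tS0
1164724957.0\t198.51.100.2\t33001\t192.168.10.7\t80\ttcp\tSF
1164724958.0\t192.168.10.7\t40002\t192.168.10.9\t22\ttcp\tSF
"""


def is_local(addr):
    """True if addr falls inside one of the configured local networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)


def direction(orig_h, resp_h):
    """Return 'inbound', 'outbound', 'internal' or 'external' for a connection."""
    o, r = is_local(orig_h), is_local(resp_h)
    if not o and r:
        return "inbound"
    if o and not r:
        return "outbound"
    if o and r:
        return "internal"
    return "external"


def parse_conn_line(line):
    """Split one tab-separated record into a dict; reject malformed lines."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) != 7:
        raise ValueError(f"unexpected field count: {line!r}")
    ts, orig_h, orig_p, resp_h, resp_p, proto, state = fields
    return {
        "ts": float(ts), "orig_h": orig_h, "orig_p": int(orig_p),
        "resp_h": resp_h, "resp_p": int(resp_p), "proto": proto, "state": state,
    }


def inbound_watched(log_text):
    """Keep only inbound records whose responder port is a watched service."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and header/comment lines
        rec = parse_conn_line(line)
        if direction(rec["orig_h"], rec["resp_h"]) != "inbound":
            continue  # outbound, internal and external-to-external are ignored
        if rec["resp_p"] not in WATCHED_PORTS:
            continue
        rec["service"] = WATCHED_PORTS[rec["resp_p"]]
        hits.append(rec)
    return hits


def summarize(hits):
    """Count inbound attempts per (source address, service) for reporting."""
    return Counter((h["orig_h"], h["service"]) for h in hits)


if __name__ == "__main__":
    for (src, svc), n in summarize(inbound_watched(SAMPLE_LOG)).most_common():
        print(f"{src:>16}  {svc:<6}  {n} inbound attempt(s)")
```

On the sample data this reports two ssh attempts from 203.0.113.5 and one telnet attempt from 198.51.100.2; the outbound ssh session, the internal ssh session and the inbound port-80 connection are all dropped by the direction and port filters, which is the "incoming only" scoping the post describes.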