[Bro] Bro and filesystem data on a host (UNCLASSIFIED)
seth at icir.org
Wed Feb 27 09:11:43 PST 2013
On Feb 27, 2013, at 12:03 PM, "Fair, Charles A SSG USARMY NG NGB ARNG PEC (US)" <charles.a.fair2.mil at mail.mil> wrote:
> If I understand correctly, the input framework is the way that log files,
> for instance from a host, can be ingested by Bro?
It's a bit more comprehensive than that since the input framework is plugin based and we will be releasing plugins for more things over time (databases, etc).
> One of the things I was
> interested in doing was identifying key information from a log, such as a MS
> Windows Event log, via event viewer to syslog, with network traffic.
I don't want to talk about it publicly yet because things are still a little unclear, but I've been having concrete discussions with a couple of people related to this functionality. It's definitely on our radar.
International Computer Science Institute
(Bro) because everyone has a network
More information about the Bro