[Bro] bro question with SIEM
brianallen at wustl.edu
Fri Oct 31 12:45:58 PDT 2014
Our Medschool uses the IBM Qradar SIEM tool, and we have a project to expand it to cover the rest of the University. Since we have a SIEM now, I figured I might as well put the best logs I have in it - which include BRO logs: http, dns, conn, etc.
IBM is asking me the following question: Is BRO able to forward raw flow data that has not been normalized or altered?
I'm pretty sure the answer is no because I have worked with raw flow data with flow-tools a lot, but I wanted to post it here to make sure, plus see if anyone is using BRO with a SIEM and what those setups might look like.
Brian Allen, CISSP
Information Security Manager
brianallen at wustl.edu
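The post asks what a Bro-to-SIEM setup looks like. Whatever transport is used (syslog, a file-reading agent, a JSON feed), the first practical step is reading Bro's native tab-separated log format, whose `#separator`, `#fields`, `#types`, `#unset_field` and `#empty_field` header lines describe the columns. The parser below is an added example written for this page; it is not part of the original message and not Bro's or QRadar's own tooling. It keeps every field the log declares, converts values only as far as the `#types` header says (counts to integers, `-` to null), and emits one JSON object per record. The sample conn.log excerpt is constructed for illustration, with real Bro header lines but made-up rows.

```python
"""Parse Bro's tab-separated log format into records for a SIEM feed.

Added example, not the original post's or Bro's code. The header lines
follow Bro's documented ASCII log layout; the data rows are constructed.
"""
import json

# Constructed sample: real Bro header convention, invented connection rows.
SAMPLE_CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#open\t2014-10-31-12-00-00
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1414782000.123456\tCXWv6p3arKYeMETxOg\t10.0.0.5\t51234\t192.0.2.10\t53\tudp\tdns\t0.0123\t62\t150\tSF
1414782001.000000\tCjhG0B2GkSF0fMsu6\t10.0.0.5\t51235\t192.0.2.20\t80\ttcp\thttp\t-\t-\t-\tS0
#close\t2014-10-31-12-05-00
"""


def _parse_separator(value):
    # "#separator \x09": the value is an escaped byte ("\x09" means tab).
    return value.encode("ascii").decode("unicode_escape")


def _convert(value, btype, unset, empty, set_sep):
    """Convert one column according to its declared Bro type."""
    if value == unset:
        return None
    if value == empty:
        return [] if btype.startswith(("set[", "vector[")) else ""
    if btype in ("count", "int", "port"):
        return int(value)
    if btype in ("time", "interval", "double"):
        return float(value)
    if btype == "bool":
        return value == "T"
    if btype.startswith(("set[", "vector[")):
        inner = btype[btype.index("[") + 1:-1]
        return [_convert(v, inner, unset, empty, set_sep)
                for v in value.split(set_sep)]
    return value  # string, addr, enum, subnet: left exactly as logged


def parse_bro_log(text):
    """Return a list of dicts, one per data row, honoring the header lines."""
    sep, set_sep, unset, empty = "\t", ",", "-", "(empty)"
    fields, types, path = [], [], None
    records = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#separator"):
            sep = _parse_separator(line.split(" ", 1)[1])
            continue
        if line.startswith("#"):
            key, *vals = line.split(sep)
            if key == "#set_separator":
                set_sep = vals[0]
            elif key == "#unset_field":
                unset = vals[0]
            elif key == "#empty_field":
                empty = vals[0]
            elif key == "#path":
                path = vals[0]
            elif key == "#fields":
                fields = vals
            elif key == "#types":
                types = vals
            continue  # #open, #close and unknown headers are ignored
        cols = line.split(sep)
        if len(cols) != len(fields):
            raise ValueError("column count %d != %d fields" % (len(cols), len(fields)))
        rec = {"_path": path}
        for name, btype, val in zip(fields, types, cols):
            rec[name] = _convert(val, btype, unset, empty, set_sep)
        records.append(rec)
    return records


def to_json_lines(records):
    """Serialize records as newline-delimited JSON, one object per line."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)


if __name__ == "__main__":
    print(to_json_lines(parse_bro_log(SAMPLE_CONN_LOG)))
```

The `_path` key carries the `#path` header (conn, dns, http, ...) so that records from several Bro logs can share one feed and still be told apart on the SIEM side. Field names such as `id.orig_h` are passed through untouched; any renaming to the SIEM's own schema is the SIEM's job, not the parser's.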