[Bro] bro question with SIEM

Allen, Brian brianallen at wustl.edu
Fri Oct 31 12:45:58 PDT 2014

Hi -

Our Medschool uses the IBM Qradar SIEM tool, and we have a project to expand it to cover the rest of the University.  Since we have a SEIM now, I figured I might as well put the best logs I have in it -  which include BRO logs: http, dns, conn, etc.

IBM is asking me the following question:  Is BRO able to forward raw flow data that has not been normalized or altered?

I'm pretty sure the answer is no because I have worked with raw flow data with flow-tools a lot, but I wanted to post it here to make sure, plus see if anyone is using BRO with a SIEM and what those setups might look like.


Brian Allen, CISSP
Information Security Manager
Washington University
brianallen at wustl.edu<mailto:brianallen at wustl.edu>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20141031/b4d9f954/attachment.html 

More information about the Bro mailing list