[Bro] Threat Intelligence Management

Jan Grashofer jan.grashofer at cern.ch
Thu Jun 25 04:55:49 PDT 2015

Hi Lysemose,

thanks a lot for your reply! Critical stack is like a marketplace for intel in the cloud, right? What I am looking for is a solution I can deploy at my site to ingest intel of different sources (also putting in manually collected stuff), which can be queried by different parts of our stack (Bro only one of them). CIF seemed promising but whether the idea behind might be great, at least the documentation is horrible.


From: Heine Lysemose [lysemose at gmail.com]
Sent: Thursday, June 25, 2015 13:44
To: Jan Grashofer
Cc: bro at bro.org
Subject: Re: [Bro] Threat Intelligence Management


I encourage you to have a look at, https://intel.criticalstack.com/


On Thu, Jun 25, 2015 at 1:31 PM, Jan Grashofer <jan.grashofer at cern.ch<mailto:jan.grashofer at cern.ch>> wrote:
Hi all,

I am having a look at Threat Intelligence Management solutions, which can be used with Bro. What do you use and what are your experiences?


Bro mailing list
bro at bro-ids.org<mailto:bro at bro-ids.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150625/71c31d81/attachment.html 

More information about the Bro mailing list