[Bro] Insider Abuse Use Case

Hosom, Stephen M hosom at battelle.org
Mon Jul 18 11:39:23 PDT 2016

"Insider Abuse" is a very wide topic. Is there something a little more specific that you're looking to do? 
From: bro-bounces at bro.org [bro-bounces at bro.org] on behalf of Wulfy H [wulfyh at gmail.com]
Sent: Monday, July 18, 2016 12:58 PM
To: bro at bro.org
Subject: [Bro] Insider Abuse Use Case

Hello all,

On slide 11 of this presentation: https://www.bro.org/bro-workshop-2011/slides/network-forensics.pdf

There is a Use Case for Insider Abuse, I am interested in this and am a beginner to Bro IDS scripting. Is there any existing script dealing with some form of Insider Abuse that I can use as an example?



More information about the Bro mailing list