[Bro] Insider Abuse Use Case
Hosom, Stephen M
hosom at battelle.org
Mon Jul 18 11:39:23 PDT 2016
"Insider Abuse" is a very wide topic. Is there something a little more specific that you're looking to do?
From: bro-bounces at bro.org [bro-bounces at bro.org] on behalf of Wulfy H [wulfyh at gmail.com]
Sent: Monday, July 18, 2016 12:58 PM
To: bro at bro.org
Subject: [Bro] Insider Abuse Use Case
On slide 11 of this presentation: https://www.bro.org/bro-workshop-2011/slides/network-forensics.pdf
There is a Use Case for Insider Abuse, I am interested in this and am a beginner to Bro IDS scripting. Is there any existing script dealing with some form of Insider Abuse that I can use as an example?
More information about the Bro