[Bro] BRO on the endpoint, how to manage.

Dan Ecott dan.ecott at gmail.com
Wed Mar 8 03:50:59 PST 2017


I am exploring whether Bro can work for my company in a particular use
case. What I would like to do is run Bro sensors on developer laptops,
centrally manage the Bro scripts that run on those endpoints and ensure
the Bro process is always running.

What is the best way to run a deployment like this? Has it been done
before? Bro Cluster doesn't look like the right solution.

As far as managing the scripts, I was thinking of building an AWS code
pipeline where I can promote scripts through a Git repo, then have a
process whereby approved scripts get pushed out to the endpoints quickly.

Any help on this would be appreciated.
