[Bro-Dev] osquery integration
Robin Sommer
robin at icir.org
Wed Feb 4 10:33:46 PST 2015
On Wed, Feb 04, 2015 at 17:48 +0000, you wrote:
> deal to me: don’t expect the code involved to be that tricky.
Yep, indeed.
> Yeah, if there’s many disparate applications acting as nodes here,
> then may be better to use Broker’s data as common format to ensure
> everyone has the tools necessary to interpret the messages.
(I won't claim that that's necessarily the case here, but I think it's
good to establish a precedent that this is the right way to do it.)
Robin
--
Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin
More information about the bro-dev
mailing list