[Bro-Dev] osquery integration

Seth Hall seth at icir.org
Wed Feb 4 10:34:11 PST 2015


> On Feb 4, 2015, at 11:37 AM, Siwek, Jon <jsiwek at illinois.edu> wrote:
> 
>  Teaching Bro a good way to interface directly w/ JSON might also be beneficial in other areas.

Huh, that's actually a good point.  Not quite sure how that would look yet though.

Also, when I was digging around in osquery, their default view of data internally seems to be in a plist-type format.  They have a routine that converts it to json for output.  So we certainly aren't bound to json with this in any way.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/



