[Bro-Dev] osquery integration
Seth Hall
seth at icir.org
Wed Feb 4 10:34:11 PST 2015
> On Feb 4, 2015, at 11:37 AM, Siwek, Jon <jsiwek at illinois.edu> wrote:
>
> Teaching Bro a good way to interface directly w/ JSON might also be beneficial in other areas.
Huh, that’s actually a good point. Not quite sure how that would look yet though.
Also, I when I was digging around in osquery, their default view of data internally seems to be in a plist-type format. They have a routine that converts it to json for output. So we certainly aren’t bound to json with this in any way.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the bro-dev
mailing list