[Bro-Dev] Broker data layouts
Robin Sommer
robin at corelight.com
Tue Aug 21 11:09:27 PDT 2018
On Tue, Aug 21, 2018 at 12:34 -0500, Jonathan Siwek wrote:
> Maybe there's a more standardized approach that could be worked
> towards, but likely we just need more experience in understanding and
> defining common use-cases for external Bro data consumption.
Dominik, wasn't the original idea for VAST to provide an event
description language that would create the link between the values
coming over the wire and their interpretation? Such a specification
could be auto-generated from Bro's knowledge about the events it
generates.
Also, this question is about events, not logs, right? Logs have a
different wire format and they actually come with meta data describing
their columns.
Robin
--
Robin Sommer * Corelight, Inc. * robin at corelight.com * www.corelight.com
More information about the bro-dev
mailing list