[Bro] Bro-IDS integration to sguil

Lee Sheng darkxer05 at yahoo.com
Tue Jul 4 07:27:56 PDT 2006


Hi all, I think I had previously mentioned the
availability of brooery, and Christian replied
with the answer that brooery is not ready yet and
recommended that I try sguil. I have been a long-time user
of sguil in a production environment, and I would
like to see the integration of bro-ids to provide
alert data to sguil.

While sguil integrates 4 forms of data, including alert
data that is provided by snort, I think it's possible
to have bro-IDS alert data sent to sguil as well. I
have talked to the core developer of sguil - Bamm, and
he told me that it can be done by having bro talk
to the sensor_agent.tcl.

I'm not that familiar with bro compared to snort,
thus I would like to know of any pointers and references
that can help me complete the integration of bro with
sguil. Many thanks.

I think it would be lovely to have it done.



