[Bro] mod_security and bro
Seth Hall
seth at net.ohio-state.edu
Mon Nov 20 11:38:51 PST 2006
On Nov 20, 2006, at 2:29 PM, nikns wrote:
> Perhaps this would be interesting for you:
> http://www.inliniac.net/blog/?p=46
That's pretty interesting, but it's sort of the opposite direction of
what I'm interested in. That's aggregating alerts from multiple
apache servers into a single analyst's console, and that could be an
interesting integration point for Bro, but I'm thinking of having Bro
watch the raw traffic over the network and doing all of the
mod_security analysis at that point.
I'd like to be able to get alerts as if all of the hosts here were
running mod_security (even though few likely are).
Thanks for the link.
.Seth
More information about the Bro
mailing list