[Bro] mod_security and bro

Seth Hall seth at net.ohio-state.edu
Mon Nov 20 11:38:51 PST 2006


On Nov 20, 2006, at 2:29 PM, nikns wrote:

> Perhaps this would be interesting for you:
> http://www.inliniac.net/blog/?p=46

That's pretty interesting, but it's sort of the opposite direction of  
what I'm interested in.  That's aggregating alerts from multiple  
apache servers into a single analyst's console, and that could be an  
interesting integration point for Bro, but I'm thinking of having Bro  
watch the raw traffic over the network and doing all of the  
mod_security analysis at that point.

I'd like to be able to get alerts as if all of the hosts here were  
running mod_security (even though few likely are).

Thanks for the link.

   .Seth



More information about the Bro mailing list