[Bro] Connection records in a database?
Vern Paxson
vern at icir.org
Sat Oct 4 16:31:41 PDT 2008
> I want to stuff connection records into a relational database (likely
> postgres). Has anyone done this?
Note, we have a significant research project underway for exporting Bro
events into a high-performance database for purposes of both forensics and
real-time detection of previously described activity. We describe the
vision in our recent HotSecurity paper:
http://www.icir.org/vern/papers/awareness-hotsec08/index.html
The underlying technology is partially implemented, but won't be ready
for use by others for a good while.
Vern