[Bro] Integrating bro-ids on sguil or snorby
Seth Hall
seth at icir.org
Wed Sep 28 10:42:13 PDT 2011
On Sep 28, 2011, at 1:32 PM, carlopmart wrote:
> Sorry if this question sounds stupid, but I am very new using bro as
> an IDS. Is it possible to integrate bro logs on sguil or snorby or some
> type of front-ends like these ones??
I'm going to say no with the caveat that we will almost certainly have some sort of integration with those in the future.
If you only look at the output of Bro in those interfaces though, you'd currently be missing out on much of the benefit since Bro does extensive protocol logging. Are you running from our repository or a released version?
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the Bro
mailing list