[Bro] Analysis tool ideas/tips?
Kim Halavakoski
kim at blackcatsec.net
Sun Apr 21 08:08:24 PDT 2013
Hello Bro-Jedis,
The more I experiment with Bro and start to see the vast possibilities with the collected data, I also feel the need for some serious log analysis / correlation capabilities besides the self-evident Unixy-way with grep, sort and [awk|sed]...
I really like splunk and I will for sure try feeding splunk with the bro-logs, and I am sure it will work perfectly. And there is even an app for that: http://eyeis.net/2012/04/splunking-the-onion/
Have you guys tried out any other log analysis tools? Greylog2? Logstash+Kibana?
Any ideas/tips/discussions welcome...
PS. I saw somewhere a presentation about saving executables flying over the network. Any pointers to scripts for doing that? I have a vision of sending those to cuckoosandbox for automatic malware analysis, which would be cool, kind-of like FireEye!
Best regards,
Kim Halavakoski
Sent from my mobile device, excuse my clawfingerness!
PGP S#: 0BFA A910 9AA7 94A5 A323 53F5 4151 4CE4 33BE 35FA
http://www.blackcatsec.net
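An added example of the executable-extraction idea raised in the PS; this is not a script from the thread but one written for the Files framework that Bro 2.3 and later (now Zeek) ship. The output directory and the MIME-type list are assumptions; the extracted files are named by Bro's file id so a sandbox verdict can later be joined back to files.log and conn.log.

```zeek
##! Added example, not from the original thread: write every executable
##! seen on the wire to disk with the Files framework (Bro 2.3+ / Zeek),
##! so a separate watcher process can hand it to a sandbox such as Cuckoo.
@load base/files/extract

module ExtractExe;

export {
    ## MIME types treated as executables (assumption: the types Bro's
    ## file-magic signatures report for PE and ELF binaries).
    const exe_types: set[string] = {
        "application/x-dosexec",
        "application/x-executable",
    } &redef;
}

# Hypothetical output directory; extracted files land below this prefix.
redef FileExtract::prefix = "/var/bro/extracted/";

# Fires once the first bytes of a file were seen and a MIME type was
# inferred, which is early enough to attach the extraction analyzer.
event file_sniff(f: fa_file, meta: fa_metadata)
    {
    if ( ! meta?$mime_type || meta$mime_type !in exe_types )
        return;

    # Name the file by its Bro file id (the fuid column in files.log) so
    # the on-disk copy is unique and easy to correlate with the logs.
    Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
                        [$extract_filename=fmt("%s.bin", f$id)]);
    }

# When Bro is done with the file, report where it was written; this is the
# natural hand-off point to whatever submits the sample to the sandbox.
event file_state_remove(f: fa_file)
    {
    if ( ! f?$info || ! f$info?$extracted )
        return;

    local mtype = f$info?$mime_type ? f$info$mime_type : "-";
    print fmt("extracted %s (%s) to %s%s", f$id, mtype,
              FileExtract::prefix, f$info$extracted);
    }
```

Load it with `bro -r trace.pcap extract-exe.bro` (or in local.bro for a live sensor); files.log gains an `extracted` column naming each written file.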