[Bro] Analysis tool ideas/tips?

Heine Lysemose lysemose at gmail.com
Sun Apr 21 08:56:36 PDT 2013


Hi

Take a look at ELSA,
https://code.google.com/p/enterprise-log-search-and-archive/

Regards,
Lysemose
On Apr 21, 2013 5:10 PM, "Kim Halavakoski" <kim at blackcatsec.net> wrote:

>
> Hello Bro-Jedis,
> The more I experiment with Bro and start to see the vast possibilities
> with the collected data, I also feel the need for some serious log analysis
> / correlation capabilities besides the self-evident Unixy-way with grep,
> sort and [awk|sed]...
>
> I really like splunk and I will for sure try feeding splunk with the
> bro-logs, and I am sure it will work perfectly. And there is even an app
> for that: http://eyeis.net/2012/04/splunking-the-onion/
>
> Have you guys tried out any other log analysis tools? Graylog2?
> Logstash+Kibana?
>
> Any ideas/tips/discussions welcome...
>
> PS. I saw somewhere a presentation about saving executables flying over
> the network. Any pointers to scripts for doing that? I have a vision of
> sending those to cuckoosandbox for automatic malware analysis, which would
> be cool, kind-of like FireEye!
>
>
> Best regards,
>
> Kim Halavakoski
>
> *Sent from my mobile device, excuse my clawfingerness!*
>
> PGP S#: 0BFA A910 9AA7 94A5 A323  53F5 4151 4CE4 33BE 35FA
> http://www.blackcatsec.net
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>