[Bro] Yet Another Conference - like no other :)

Eric G eric at nixwizard.net
Mon Oct 21 06:32:42 PDT 2013


On Oct 14, 2013 6:19 AM, "Michal Purzynski" <michal at rsbac.org> wrote:
>
> Yes. I'm from Mozilla. Now you know :)
>
> Slides from my recent talk about NSM @ Mozilla at YaC 2013 are here, a
> full video will hopefully follow.
>
> http://tech.yandex.ru/events/yac/2013/talks/1131/
>

Nice presentation, it confirms a few things I was suspecting :-)

I see you are logging to elasticsearch from Bro... have you taken a look at
Moloch for full packet capture? It's not included in Security Onion (yet?)
but we have played with it at work and we're now budgeting for Moloch
boxes. Moloch just recently added support for pfring as well, and from the
mailing list I saw someone posting that they were using pfring with
success. It does a really good job of indexing packet captures and has some
protocol decoders built in... I've found I don't even need to pull a pcap
out of it half the time because I get a clear picture from Moloch's web
interface.

https://github.com/aol/moloch is their GitHub site

Just a thought

--
Eric
http://www.linkedin.com/in/ericgearhart