[Bro] bro question with SIEM

Allen, Brian brianallen at wustl.edu
Fri Oct 31 12:45:58 PDT 2014


Hi -

Our Med School uses the IBM QRadar SIEM tool, and we have a project to expand it to cover the rest of the University. Since we have a SIEM now, I figured I might as well put the best logs I have in it, which include BRO logs: http, dns, conn, etc.

IBM is asking me the following question:  Is BRO able to forward raw flow data that has not been normalized or altered?

I'm pretty sure the answer is no because I have worked with raw flow data with flow-tools a lot, but I wanted to post it here to make sure, plus see if anyone is using BRO with a SIEM and what those setups might look like.

Thanks,
-Brian

Brian Allen, CISSP
Information Security Manager
Washington University
brianallen at wustl.edu
314-935-5380
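The post above is about getting Bro's logs into a SIEM. The following is an added example, not part of the original thread and not Bro's own code: a small Python parser for Bro's tab-separated ASCII log format that turns conn.log records into JSON lines, the shape most SIEM collectors (syslog/JSON inputs) ingest. The embedded conn.log is constructed for the example, not a real capture; its field list and types follow the Bro 2.x conn.log layout (#separator, #fields, #types headers, "-" for unset fields, "(empty)" for empty sets). It also shows concretely what a Bro conn record is: a per-connection summary (duration, byte and packet counts, connection state and history), not raw NetFlow or packet data. Newer Bro releases can also write JSON directly from the ASCII writer (LogAscii::use_json), in which case a converter like this is unnecessary.

```python
"""Parse Bro ASCII logs (e.g. conn.log) and emit JSON lines for SIEM ingestion.

Added example; assumes the Bro 2.x ASCII log layout. Sample data is constructed.
"""
import json
from typing import Any, Dict, List

# Constructed sample conn.log (field names and types as written by Bro 2.x).
# Column meaning: ts, uid, orig/resp host and port, proto, service, duration,
# byte counts, conn_state, local_orig, missed_bytes, history, packet counts,
# tunnel_parents. UIDs and addresses are made up for the example.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#open\t2014-10-31-12-45-58",
    "#fields\t" + "\t".join([
        "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
        "proto", "service", "duration", "orig_bytes", "resp_bytes",
        "conn_state", "local_orig", "missed_bytes", "history", "orig_pkts",
        "orig_ip_bytes", "resp_pkts", "resp_ip_bytes", "tunnel_parents"]),
    "#types\t" + "\t".join([
        "time", "string", "addr", "port", "addr", "port", "enum", "string",
        "interval", "count", "count", "string", "bool", "count", "string",
        "count", "count", "count", "count", "set[string]"]),
    "\t".join(["1414782358.123456", "CXWv6p3arKYeMETxOg", "192.168.1.10",
               "52341", "10.0.0.5", "53", "udp", "dns", "0.012345", "36",
               "120", "SF", "-", "0", "Dd", "1", "64", "1", "148", "(empty)"]),
    "\t".join(["1414782359.500000", "C4J4Th3PJpwUYZZ6gc", "192.168.1.11",
               "44112", "198.51.100.7", "443", "tcp", "ssl", "12.5", "1500",
               "20000", "S1", "T", "0", "ShADad", "15", "2300", "18", "21000",
               "(empty)"]),
    # A half-open SYN with no reply: service, duration and byte counts unset.
    "\t".join(["1414782360.000000", "CdNf6e2xG1rB9dZ6Mj", "192.168.1.12",
               "60000", "10.0.0.9", "22", "tcp", "-", "-", "-", "-", "S0",
               "-", "0", "S", "1", "60", "0", "0", "(empty)"]),
    "#close\t2014-10-31-13-00-00",
])


def _decode_separator(raw: str) -> str:
    # The "#separator \x09" header carries the separator as a backslash escape.
    return raw.encode("ascii").decode("unicode_escape")


def _convert(value: str, btype: str, meta: Dict[str, str]) -> Any:
    """Map one column to a JSON-friendly Python value using Bro's #types entry."""
    if value == meta["unset_field"]:
        return None  # "-" means the field was never set for this record
    if btype.startswith("set[") or btype.startswith("vector["):
        if value == meta["empty_field"]:
            return []
        return value.split(meta["set_separator"])  # elements kept as strings
    if value == meta["empty_field"]:
        return ""
    if btype in ("time", "interval", "double"):
        return float(value)  # ts is epoch seconds with microsecond fraction
    if btype in ("count", "int", "port"):
        return int(value)
    if btype == "bool":
        return value == "T"
    return value  # string, addr, enum, subnet stay as text


def parse_bro_log(text: str) -> List[Dict[str, Any]]:
    """Parse a Bro ASCII log into a list of typed records (one dict per line)."""
    meta = {"separator": "\t", "set_separator": ",", "empty_field": "(empty)",
            "unset_field": "-", "path": ""}
    fields: List[str] = []
    types: List[str] = []
    records: List[Dict[str, Any]] = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator "):
                meta["separator"] = _decode_separator(line.split(" ", 1)[1])
                continue
            key, _, val = line[1:].partition(meta["separator"])
            if key == "fields":
                fields = val.split(meta["separator"])
            elif key == "types":
                types = val.split(meta["separator"])
            elif key in meta:
                meta[key] = val
            continue  # #open / #close and unknown headers are ignored
        cols = line.split(meta["separator"])
        if not fields or len(cols) != len(fields) or len(fields) != len(types):
            raise ValueError("malformed record: %r" % line)
        rec: Dict[str, Any] = {"_path": meta["path"]}  # which Bro log this came from
        for name, btype, col in zip(fields, types, cols):
            rec[name] = _convert(col, btype, meta)
        records.append(rec)
    return records


def to_json_lines(records: List[Dict[str, Any]]) -> str:
    """One JSON object per line, the form most SIEM JSON/syslog inputs accept.

    Keys keep Bro's dotted names (id.orig_h); rename them here if your SIEM
    treats dots in field names specially.
    """
    return "\n".join(json.dumps(r) for r in records)


if __name__ == "__main__":
    print(to_json_lines(parse_bro_log(SAMPLE_CONN_LOG)))
```

In a real deployment you would run the converter over the rotated log files (or tail the live ones) and hand the JSON lines to the SIEM's log source; the parser is driven entirely by the #fields and #types headers, so the same code handles http.log, dns.log and the other Bro logs without per-log field lists.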