[Bro] Stepping Stone Detection

Michał Purzyński michalpurzynski1 at gmail.com
Tue Sep 23 08:46:17 PDT 2014


This is harder than it sounds. Bro could be used to provide input to
some kind of machine learning system that discovers patterns on
how/when your internal servers are accessed and warns on something
that's 'interesting', with potentially a scoring system.

On Tue, Sep 23, 2014 at 4:54 PM, Robin Sommer <robin at icir.org> wrote:
>
>
> On Tue, Sep 23, 2014 at 09:08 -0500, Vlad Grigorescu wrote:
>
>> If I recall correctly, I believe the detection doesn't work well on
>> clusters.
>
> Yeah, that's one problem. Another (related) is that conceptually the
> stepping stone detector is hardcoded into the core system, rather than
> implemented at script-land as pretty much everything else is.
>
> Robin
>
> --
> Robin Sommer * Phone +1 (510) 722-6541 *     robin at icir.org
> ICSI/LBNL    * Fax   +1 (510) 666-2956 * www.icir.org/robin
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro



-- 
Michał Purzyński
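As an added example, not part of the thread above and not Bro's own in-core stepping-stone detector: the kind of coarse correlation a script outside the core could do over conn.log records. It flags an internal host that accepts an inbound interactive session and opens an outbound one to a different third host within a short window. The conn.log lines are constructed, carrying only the first eight columns of the real format (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, service); the 10.0.0.0/8 internal range, the 30 s window and the "ssh only" service set are assumptions for the example.

```python
"""Stepping-stone heuristic over Bro conn.log-style records (added example)."""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress

INTERACTIVE = {"ssh"}        # services treated as interactive shells (assumption)
WINDOW = 30.0                # max seconds between inbound and outbound session start
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]   # assumed internal address space

# Constructed sample in the layout of the first eight conn.log columns.
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice
1411487177.000000\tCXa1\t203.0.113.7\t51234\t10.0.0.5\t22\ttcp\tssh
1411487182.500000\tCXa2\t10.0.0.5\t44000\t10.0.0.9\t22\ttcp\tssh
1411487190.000000\tCXa3\t10.0.0.9\t44010\t10.0.0.5\t22\ttcp\tssh
1411487300.000000\tCXa4\t10.0.0.12\t50111\t10.0.0.5\t22\ttcp\tssh
1411487400.000000\tCXa5\t10.0.0.5\t44020\t10.0.0.20\t22\ttcp\tssh
1411487401.000000\tCXa6\t10.0.0.5\t44021\t10.0.0.20\t80\ttcp\thttp
"""


@dataclass(frozen=True)
class Conn:
    ts: float
    uid: str
    orig_h: str
    orig_p: int
    resp_h: str
    resp_p: int
    proto: str
    service: str


def parse_conn_log(text):
    """Parse tab-separated conn.log lines, skipping '#' header/metadata lines."""
    conns = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        conns.append(Conn(float(f[0]), f[1], f[2], int(f[3]),
                          f[4], int(f[5]), f[6], f[7]))
    return conns


def is_internal(host):
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in INTERNAL)


def find_stepping_stones(conns, window=WINDOW):
    """Return (inbound_uid, outbound_uid, pivot_host) for each suspected hop.

    A hop is an interactive session *into* an internal host followed, within
    `window` seconds, by an interactive session *out of* that host to a third
    host. A->B->A hairpins are ignored.
    """
    inbound = defaultdict(list)   # pivot host -> recent inbound sessions
    hits = []
    for c in sorted(conns, key=lambda c: c.ts):
        if c.service not in INTERACTIVE:
            continue
        if is_internal(c.orig_h):
            # Drop inbound sessions too old to be the start of this hop.
            inbound[c.orig_h] = [i for i in inbound[c.orig_h]
                                 if c.ts - i.ts <= window]
            for i in inbound[c.orig_h]:
                if i.orig_h != c.resp_h:
                    hits.append((i.uid, c.uid, c.orig_h))
        if is_internal(c.resp_h):
            inbound[c.resp_h].append(c)
    return hits


if __name__ == "__main__":
    for inbound_uid, outbound_uid, pivot in find_stepping_stones(
            parse_conn_log(SAMPLE_CONN_LOG)):
        print(f"possible stepping stone via {pivot}: "
              f"inbound {inbound_uid} -> outbound {outbound_uid}")
```

On the sample this reports exactly one hop (external 203.0.113.7 into 10.0.0.5, then 10.0.0.5 on to 10.0.0.9 five seconds later); the later hops are either a hairpin back to the previous host or outside the window. This is far coarser than correlating packet timing inside the core and will also match legitimate jump hosts, so it is a scoring input, not a verdict: feed it into the kind of scoring system mentioned above and allowlist known bastions.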