[Bro] Help with Bro & ES
Chris Williams
cw13 at umbc.edu
Wed Oct 21 09:16:34 PDT 2015
I recently installed Bro, and I am trying to get it to work with Elasticsearch
(with Kibana as a front end). I have alerts getting to ES and they show up
in Kibana, but it is a mix of unintelligible JSON messages. For example, some
don't have timestamps:
{
  "_index": "bro-201510191500",
  "_type": "loaded_scripts",
  "_id": "AVCBw07WiyISA4W_6X0j",
  "_score": 1,
  "_source": {
    "name": "/usr/local/bro/share/bro/base/bif/bro.bif.bro"
  }
}
Can anyone provide guidance, or suggest resources on organizing and sorting
alerts/messages such that I can use it with ES/Kibana? I am not sure if I
missed something in configuration and I am having a tough time finding
resources online for further suggestions.
Thanks!
Chris Williams
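One way to triage documents like the one quoted above, as an added example that is not part of the original post: Bro's ES writer stores each log stream under its own `_type`, and streams such as `loaded_scripts` carry no `ts` field, so the helper below separates time-stamped events (flattened and given a `@timestamp` Kibana can use) from untimestamped metadata documents. The sample hits are constructed; the `conn` and `notice` records are modelled on those streams' usual fields.

```python
from datetime import datetime, timezone

# Constructed sample hits modelled on the document in the post. Only the
# loaded_scripts record is taken from the post; the others are made up.
SAMPLE_HITS = [
    {"_index": "bro-201510191500", "_type": "loaded_scripts",
     "_id": "AVCBw07WiyISA4W_6X0j", "_score": 1,
     "_source": {"name": "/usr/local/bro/share/bro/base/bif/bro.bif.bro"}},
    {"_index": "bro-201510191500", "_type": "conn",
     "_id": "constructed-conn-1", "_score": 1,
     "_source": {"ts": 1445266200.123, "uid": "CxyzConstructed",
                 "id.orig_h": "192.0.2.10", "id.resp_h": "198.51.100.5",
                 "id.resp_p": 443, "proto": "tcp"}},
    {"_index": "bro-201510191500", "_type": "notice",
     "_id": "constructed-notice-1", "_score": 1,
     "_source": {"ts": 1445266260.5, "note": "Scan::Port_Scan",
                 "msg": "constructed notice"}},
]


def normalize_hit(hit):
    """Flatten one ES hit into a Kibana-friendly event.

    Returns None for documents without a ts field (e.g. loaded_scripts),
    which are Bro bookkeeping rather than time-series events.
    """
    src = hit.get("_source", {})
    if "ts" not in src:
        return None
    event = dict(src)
    event["log_type"] = hit["_type"]  # keep the stream name as a plain field
    event["@timestamp"] = datetime.fromtimestamp(
        src["ts"], tz=timezone.utc).isoformat()
    return event


def triage(hits):
    """Split hits into time-stamped events (sorted by ts) and a per-stream
    count of untimestamped metadata documents that were set aside."""
    events, skipped = [], {}
    for hit in hits:
        event = normalize_hit(hit)
        if event is None:
            skipped[hit["_type"]] = skipped.get(hit["_type"], 0) + 1
        else:
            events.append(event)
    events.sort(key=lambda e: e["ts"])
    return events, skipped
```

Running `triage(SAMPLE_HITS)` yields two ordered events and reports the one `loaded_scripts` document as skipped, which is the split a Kibana dashboard needs.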