[Bro] Info on configuring bro inline in AWS as IDS
James Stallard
JStallard at enquizit.com
Tue Jan 19 09:37:27 PST 2016
Hello Bros:
I'm just now installing bro for the government website at Small Business Admin.
The plan is to have bro behind our public ELBs as an in-line IDS, then route traffic to internal ELBs in front of our application / web servers.
As this is AWS, no tap is possible and the EC2s can't be run in promiscuous mode either.
After a quick review of the documentation, I don't see where I can configure the routing once bro has done its work.
I.E. if I configure:
bro -i en0 <list of scripts to load>
do I need to then configure a script that will export all traffic to another agent such as an ELB or nginx?
Any help would be appreciated.
JMS