[Bro] Question about Brownian project

Vlad Grigorescu vladg at illinois.edu
Fri Sep 23 08:28:12 PDT 2016


The Brownian location hasn't changed; it's available here: https://github.com/grigorescu/Brownian

In terms of what happened to it, there are two main issues:

1) ElasticSearch breaking compatibility in 2.X (though, thanks Jon for
pointing out that this is fixed in the latest release),

2) broLogTypes.py needing to be updated for new log files. To me, this
is the main advantage that Brownian has over other tools (which are much
more powerful in terms of graphs and dashboards), in that Brownian
"knows" that dns$query, even though it's technically a string, is often
a domain name that you might want to do a lookup on. Or that ftp$user is
a username that you might want to query in LDAP.

From a personal perspective, Brownian started out of necessity, and I've
switched jobs a couple of times in the meantime. At NCSA, we don't have
an ElasticSearch cluster, so Brownian development hasn't been a
priority, especially since I don't even know what the problems are these
days.

I still have a long todo list for Brownian, but to be honest, I'm not
sure how many people are still using it today, and how many would
benefit from improvements to it. I still look at pull requests and
issues that come through (though I'm afraid that I'm often slow to
respond to them).

My hope is that one day Brownian is redone as a front-end to VAST, and
is more tightly coupled with Bro, but this is a space that's always
rapidly evolving and hard to predict.

A long answer to your question, but it's been a while since I've given a
status update on Brownian, and I think others may have been wondering
the same thing.

  --Vlad

Espresso Beanies <espressobeanies at gmail.com> writes:

> Hi,
>
> I'm trying to figure out what happened to the Brownian project (front-end
> for Bro) and whether or not there are other projects attempting to create a
> front-end for Bro IDS using ElasticSearch.
>
> Thank you,
> E