[Bro] Bro Detections and Compliance Questions

Andrew Dellana andrew.dellana at bayer.com
Thu Feb 23 06:20:37 PST 2017


Hello,

When a bro script detects something, how can you go about resolving the issues that caused it (assuming it wasn't noise that caused it)? Is there something that I change in Bro or is this something that would be covered in the corporate compliance / security?

Following up on that, what is the best practice to analyze the packet captures from Bro to determine if there is an actual issue? I am currently looking into Splunk as a log parser.

Best regards,

Andrew Dellana
Intern
________________________
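An added example, not code from the poster or from the Bro project: Bro records what a script detected in its tab-separated ASCII logs (notice.log carries the `note` type, the message and the `actions` the notice policy applied), and those files are what a log parser such as Splunk ingests. The block below parses that format from its `#fields`/`#types` headers, then runs a small triage pass over a constructed notice.log sample so an analyst can drop note types already judged to be noise and see which notices Bro itself escalated beyond logging. The sample log lines, hosts and UIDs are constructed for the example, not captured from a live sensor.

```python
"""Parser for Bro's ASCII log format plus a notice.log triage pass.
Added example; the sample log below is constructed, not real sensor output."""
from collections import Counter

# Constructed notice.log with a reduced field set (real notice.log has more columns).
SAMPLE_NOTICE_LOG = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tnotice
#open\t2017-02-23-14-20-37
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tnote\tmsg\tsrc\tactions\tsuppress_for
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\taddr\tset[enum]\tinterval
1487859637.123456\tCHhAvVGS1DHFjwGM9\t10.0.0.5\t51234\t192.0.2.10\t22\tSSH::Password_Guessing\t10.0.0.5 appears to be guessing SSH passwords (seen in 30 connections).\t10.0.0.5\tNotice::ACTION_LOG\t3600.000000
1487859640.000000\t-\t-\t-\t-\t-\tScan::Address_Scan\t10.0.0.5 scanned at least 25 unique hosts on port 445/tcp in 0m5s\t10.0.0.5\tNotice::ACTION_LOG,Notice::ACTION_EMAIL\t3600.000000
1487859700.500000\tC4J4Th3PJpwUYZZ6gc\t10.0.0.7\t40000\t192.0.2.20\t443\tSSL::Invalid_Server_Cert\tSSL certificate validation failed with (self signed certificate)\t192.0.2.20\tNotice::ACTION_LOG\t3600.000000
#close\t2017-02-23-15-00-00
"""


def _convert(val, typ, meta):
    """Turn one column's text into a Python value using the #types header."""
    if val == meta.get("unset_field", "-"):
        return None
    container = bool(typ) and typ.startswith(("set[", "vector["))
    if val == meta.get("empty_field", "(empty)"):
        return [] if container else ""
    if container:
        return val.split(meta.get("set_separator", ","))
    if typ in ("time", "interval", "double"):
        return float(val)
    if typ in ("int", "count", "port"):
        return int(val)
    if typ == "bool":
        return val == "T"
    return val  # string, addr, enum and anything else stay as text


def parse_bro_log(text):
    """Parse Bro ASCII log text into (meta, rows).

    meta holds the '#' headers (path, open, close, separators); rows is a list
    of dicts keyed by the names in the #fields line."""
    meta, rows = {}, []
    fields = types = None
    sep = "\t"
    for raw in text.splitlines():
        if not raw:
            continue
        if raw.startswith("#separator "):
            # The first line spells the separator in escaped form, e.g. \x09 for tab.
            sep = raw[len("#separator "):].encode().decode("unicode_escape")
            meta["separator"] = sep
            continue
        if raw.startswith("#"):
            key, _, value = raw[1:].partition(sep)
            if key == "fields":
                fields = value.split(sep)
            elif key == "types":
                types = value.split(sep)
            else:
                meta[key] = value
            continue
        if fields is None:
            raise ValueError("data line before #fields header")
        values = raw.split(sep)
        if len(values) != len(fields):
            raise ValueError("column count %d != %d fields" % (len(values), len(fields)))
        col_types = types if types else [None] * len(fields)
        rows.append({n: _convert(v, t, meta) for n, t, v in zip(fields, col_types, values)})
    return meta, rows


def triage_notices(rows, ignore_notes=frozenset()):
    """Count notices per (note, src), skipping note types the analyst treats as noise.
    Returns (note, src, count) tuples, busiest first."""
    counter = Counter((r["note"], r["src"]) for r in rows if r["note"] not in ignore_notes)
    return sorted(((note, src, n) for (note, src), n in counter.items()),
                  key=lambda t: (-t[2], t[0]))


def escalated(rows):
    """Note types the notice policy pushed beyond plain logging (email, alarm, ...)."""
    return [r["note"] for r in rows
            if any(a != "Notice::ACTION_LOG" for a in (r["actions"] or []))]


if __name__ == "__main__":
    meta, rows = parse_bro_log(SAMPLE_NOTICE_LOG)
    print("log path:", meta["path"], "rows:", len(rows))
    for note, src, n in triage_notices(rows, ignore_notes={"SSL::Invalid_Server_Cert"}):
        print("%-28s %-12s %d" % (note, src, n))
    print("escalated:", escalated(rows))
```

The same parser reads conn.log, http.log or any other Bro log, since every one carries the same header block; the `ignore_notes` set is where the "was it noise?" decision from the question gets recorded, and the `uid` column links a notice back to the connection row in conn.log for the deeper look at what actually happened.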
