[Bro] Web GUI for Bro?

Daniel Guerra daniel.guerra69 at gmail.com
Wed Jan 25 13:27:00 PST 2017 

Hi,

Check my docker project.

https://hub.docker.com/r/danielguerra/bro-debian-elasticsearch/

The quick way :

export DOCKERHOST="<ip>:8080"
wget https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/master/docker-compose.yml
docker-compose pull
docker-compose up

You can send pcap data with pcap to port 1969 “nc dockerip 1969 < mypcapfile”

After this open your browser to dockerip:5601 for kibana, its preconfigured with some
queries and desktops. 


> On 25 Jan 2017, at 14:48, project722 <project722 at gmail.com> wrote:
> 
> Thanks All. I am looking into ELK. 
> 
> On Tue, Jan 24, 2017 at 2:44 AM, Kevin Ross <kevross33 at googlemail.com <mailto:kevross33 at googlemail.com>> wrote:
> As said before ELK is your best bet. Here is a link that may interest you. The learning curve may be steep but it is worth it in the end (assuming you are putting this together yourself and not a all in one solution that provides it for you) when you can query logs as easily as a google search and visualise.
> 
> https://www.elastic.co/blog/bro-ids-elastic-stack <https://www.elastic.co/blog/bro-ids-elastic-stack>
> 
> Also you could use security oniion and it uses ELSA to present these logs although my preference these days because of its easier ability I find to add in new data sources would be ELK (i.e once you understand logstash and parsing logs you can easily parse any log you have to correlate Bro, IDS, network and even host logs).
> 
> https://github.com/mcholste/elsa <https://github.com/mcholste/elsa>
> http://blog.bro.org/2012/01/monster-logs.html <http://blog.bro.org/2012/01/monster-logs.html>
> 
> On 21 January 2017 at 11:54, project722 <project722 at gmail.com <mailto:project722 at gmail.com>> wrote:
> Got Bro 2.4.1 working on a RHEL 6 system. Can anyone provide suggestions on what I should use as a web GUI for bro? What is the best options out there? NOTE - my version of Bro was compiled from source. 
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org <mailto:bro at bro-ids.org>
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro <http://mailman.icsi.berkeley.edu/mailman/listinfo/bro>
> 
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170125/84432b7c/attachment-0001.html

More information about the Bro mailing list