Note: Our current website is at www.zeek.org. This website is unmaintained and contains outdated information.
Abstract
This talk will demonstrate two possible ways of integrating Bro output with an incident response process. The first method involves hooking Bro events directly into a correlation framework which leverages meta blacklists and may be a proof-of-concept for future Bro scripts. The second method will show the power of alerting on and data mining Bro logs with ELSA, an open-source, large-scale log search and analysis framework which can be used as a front-end to Bro.
© 2014 The Bro Project.