[Oisf-devel] Suricata, Bro and Broccoli

Martin Holste mcholste at gmail.com
Thu Nov 29 16:17:25 UTC 2012


I've not heard of anything formal.  Since there is a Python interface for
Broccoli, the quickest method would be to have Suricata output to syslog on
a local off port, then have a Python script listen on that local port and
do the Bro conversion there.  That might be a good way to get a
proof-of-concept going to see if there's value there.


On Thu, Nov 29, 2012 at 10:04 AM, Daniel Wyschogrod <dwyschogrod at bbn.com> wrote:

> Some of the work we're hoping to incorporate with Suricata involves
> correlating multiple flows for various services.  We were considering using
> Bro for this, with Suricata detections being used as input.  One simple
> method would involve using Suricata detections feeding into Barnyard2 and
> then Barnyard2 sending alerts to Bro via Broccoli.  It would be more
> efficient to directly add Broccoli calls to Suricata.  Has there been any
> work along these lines that anybody has heard of?
>
> Thanks,
> Dan
> --
> ________________
> Dan Wyschogrod
>
> Senior Scientist
> Cyber Security
> Raytheon/BBN Technologies
>
> dwyschogrod at bbn.com
>
>
> _______________________________________________
> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> Site: http://suricata-ids.org | Participate:
> http://suricata-ids.org/participate/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> Redmine: https://redmine.openinfosecfoundation.org/
>
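The proof-of-concept Martin sketches, written out as an added example (not code from either poster or from the Suricata or Bro projects): Suricata sends its alert syslog lines to a local UDP port, a small script parses them and relays each alert as a Bro event. Assumed here: Suricata's syslog alert text follows its fast.log format, the Broccoli Python binding exposes `Connection("host:port").send(event_name, *args)` with Bro listening on 47757, and `suricata_alert` is a hypothetical event the Bro side would declare.

```python
import re
import socket

# Suricata's syslog alert body is the fast.log format after the syslog header
# (assumed format; only IPv4 endpoints with ports are handled by this regex).
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) "
    r"\[Classification: (?P<cls>[^\]]*)\] \[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)
EVENT_NAME = "suricata_alert"  # hypothetical event name declared on the Bro side

def parse_suricata_alert(line):
    """Return a dict for an alert line, or None for non-alert syslog traffic."""
    m = ALERT_RE.search(line)  # search() skips the "<PRI>timestamp host suricata[pid]:" prefix
    if not m:
        return None
    d = m.groupdict()
    return {
        "gid": int(d["gid"]), "sid": int(d["sid"]), "rev": int(d["rev"]),
        "msg": d["msg"], "classification": d["cls"], "priority": int(d["prio"]),
        "proto": d["proto"], "src_ip": d["src"], "src_port": int(d["sport"]),
        "dst_ip": d["dst"], "dst_port": int(d["dport"]),
    }

def forward_alert(alert, send):
    """Hand one parsed alert to a sender callable as positional event arguments."""
    args = (alert["sid"], alert["msg"], alert["priority"], alert["proto"],
            alert["src_ip"], alert["src_port"], alert["dst_ip"], alert["dst_port"])
    send(EVENT_NAME, *args)  # a real deployment may need Broccoli type wrappers here
    return args

def make_broccoli_sender(dest="127.0.0.1:47757"):
    """Assumption: the broccoli binding offers Connection(dest).send(name, *args)."""
    import broccoli  # imported lazily so the parser works without the binding installed
    return broccoli.Connection(dest).send

def serve(send, host="127.0.0.1", port=5140):
    """Listen on a local UDP port for Suricata's syslog datagrams and relay alerts."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))  # loopback only: the relay never listens on the wire
    while True:
        data, _ = sock.recvfrom(65535)
        alert = parse_suricata_alert(data.decode("utf-8", "replace"))
        if alert is not None:  # engine status lines and malformed input are dropped
            forward_alert(alert, send)
```

Start the relay with `serve(make_broccoli_sender())` and point Suricata's syslog output at 127.0.0.1:5140; the Bro side still has to declare the event and its argument types before the sent events are accepted.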