[Oisf-devel] Suricata, Bro and Broccoli
Daniel Wyschogrod
dwyschogrod at bbn.com
Thu Nov 29 16:33:27 UTC 2012
We are considering multi-flow and packet correlation for a number of our
existing sensors that we want to port to a combination of Suricata
and/or Bro environments. Some examples include matching ICMP echo and
echo reply messages and counting various types of ICMP messages coming
from individual IP addresses. We were thinking of using Suricata to
identify ICMP message types and then using Bro to do the counting per IP
address, or something like that. Our previous implementation used a
specialized architecture.
Dan
> Victor Julien <mailto:victor at inliniac.net>
> November 29, 2012 11:14 AM
>
> We've been talking to the Bro guys about this, but as far as I know,
> nothing has been done yet.
>
> What kind of multi-flow correlation are you looking for?
>
--
________________
Dan Wyschogrod
Senior Scientist
Cyber Security
Raytheon/BBN Technologies
dwyschogrod at bbn.com
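The correlation Dan describes (pairing ICMP echo requests with their replies, and counting ICMP message types per source IP) as an added illustration that is not code from this thread, from Suricata or from Bro. The record field names and the sample events are constructed assumptions, not captured traffic.

```python
# Added example: pair ICMP echo requests with replies and tally ICMP
# (type, code) per source IP over per-packet records. Field names and the
# EVENTS below are constructed assumptions, not Suricata/Bro output.
from collections import Counter, defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8

# Constructed sample (ts in seconds): two answered pings, one request that is
# never answered, one reply with no request, and a burst of destination-
# unreachable messages from a single host.
EVENTS = [
    dict(ts=1.0, src_ip="10.0.0.5", dst_ip="10.0.0.9", icmp_type=8, icmp_code=0, ident=1, seq=1),
    dict(ts=1.1, src_ip="10.0.0.9", dst_ip="10.0.0.5", icmp_type=0, icmp_code=0, ident=1, seq=1),
    dict(ts=2.0, src_ip="10.0.0.5", dst_ip="10.0.0.9", icmp_type=8, icmp_code=0, ident=1, seq=2),
    dict(ts=2.1, src_ip="10.0.0.9", dst_ip="10.0.0.5", icmp_type=0, icmp_code=0, ident=1, seq=2),
    dict(ts=3.0, src_ip="10.0.0.5", dst_ip="10.0.0.77", icmp_type=8, icmp_code=0, ident=1, seq=3),
    dict(ts=3.5, src_ip="10.0.0.9", dst_ip="10.0.0.5", icmp_type=0, icmp_code=0, ident=1, seq=99),
    dict(ts=4.0, src_ip="10.0.0.3", dst_ip="10.0.0.5", icmp_type=3, icmp_code=1, ident=0, seq=0),
    dict(ts=4.1, src_ip="10.0.0.3", dst_ip="10.0.0.5", icmp_type=3, icmp_code=1, ident=0, seq=0),
    dict(ts=4.2, src_ip="10.0.0.3", dst_ip="10.0.0.5", icmp_type=3, icmp_code=1, ident=0, seq=0),
    dict(ts=6.0, src_ip="10.0.0.3", dst_ip="10.0.0.5", icmp_type=11, icmp_code=0, ident=0, seq=0),
]

def correlate(events, timeout=2.0):
    """Returns (answered, unanswered, orphan_replies, per_src_counts).
    A request is keyed by (requester, target, ident, seq); a reply matches when
    it travels the reverse direction with the same ident/seq within `timeout`."""
    pending, answered, unanswered, orphans = {}, [], [], []
    per_src = defaultdict(Counter)
    for ev in sorted(events, key=lambda e: e["ts"]):
        per_src[ev["src_ip"]][(ev["icmp_type"], ev["icmp_code"])] += 1
        # Expire requests that have waited longer than the timeout.
        for key in [k for k, r in pending.items() if ev["ts"] - r["ts"] > timeout]:
            unanswered.append(pending.pop(key))
        if ev["icmp_type"] == ECHO_REQUEST:
            pending[(ev["src_ip"], ev["dst_ip"], ev["ident"], ev["seq"])] = ev
        elif ev["icmp_type"] == ECHO_REPLY:
            req = pending.pop((ev["dst_ip"], ev["src_ip"], ev["ident"], ev["seq"]), None)
            if req is None:
                orphans.append(ev)          # reply with no matching request
            else:
                answered.append((req, ev, round(ev["ts"] - req["ts"], 3)))
    unanswered.extend(pending.values())     # still waiting at end of stream
    return answered, unanswered, orphans, per_src

def noisy_sources(per_src, threshold):
    """Sources that sent `threshold` or more messages of one (type, code)."""
    return sorted((ip, t, c, n) for ip, ctr in per_src.items()
                  for (t, c), n in ctr.items() if n >= threshold)
```

With the sample above, `correlate(EVENTS)` yields two answered pings, one expired request to 10.0.0.77, one orphan reply, and `noisy_sources(per_src, 3)` lists the host that sent three destination-unreachable messages alongside the two pinging hosts.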