[Oisf-devel] Suricata, Bro and Broccoli
Daniel Wyschogrod
dwyschogrod at bbn.com
Thu Nov 29 16:04:51 UTC 2012
Some of the work we're hoping to incorporate with Suricata involves
correlating multiple flows for various services. We were considering
using Bro for this, with Suricata detections being used as input. One
simple method would involve using Suricata detections feeding into
Barnyard2 and then Barnyard2 sending alerts to Bro via Broccoli. It
would be more efficient to directly add Broccoli calls to Suricata. Has
there been any work along these lines that anybody has heard of?
Thanks,
Dan
--
________________
Dan Wyschogrod
Senior Scientist
Cyber Security
Raytheon/BBN Technologies
dwyschogrod at bbn.com