[Oisf-devel] Suricata, Bro and Broccoli
Victor Julien
victor at inliniac.net
Thu Nov 29 16:14:37 UTC 2012
On 11/29/2012 05:04 PM, Daniel Wyschogrod wrote:
> Some of the work we're hoping to incorporate with Suricata involves
> correlating multiple flows for various services. We were considering
> using Bro for this, with Suricata detections being used as input. One
> simple method would involve using Suricata detections feeding into
> Barnyard2 and then Barnyard2 sending alerts to Bro via Broccoli. It
> would be more efficient to directly add Broccoli calls to Suricata. Has
> there been any work along these lines that anybody has heard of?

We've been talking to the Bro guys about this, but as far as I know,
nothing has been done yet.

What kind of multi-flow correlation are you looking for?

--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------