[Oisf-devel] RFC: Broccoli output plugin for Suricata (WIP)

Tom DeCanio td at npulsetech.com
Wed May 8 16:46:00 UTC 2013


This work has been funded by nPulse Technologies.  This is an output
plugin for Suricata that optionally sends alert information to Bro
using Broccoli.

A similar capability already exists in Barnyard2 that forwards alerts
to Bro by ingesting unified2 alert logs.  This plugin operates by sending
Broccoli data to Bro directly from Suricata.  The Broccoli event
format generated by this output plugin is aligned fairly closely with
that generated by Barnyard2.

A simple Bro script example has been provided in the contrib directory
that ingests Suricata alert events and writes a log file similar to
the fast.log file format.  This is intended to be an example of how
one might consume Suricata alerts from within Bro.

The code can be found here:
https://github.com/decanio/suricata-np/tree/dev-broccoli/contrib/bro

Please review.  All comments are welcome.

Regards,
Tom
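As an added example (not code from the plugin, the contrib Bro script, or the original post), the following Python shows the fast.log layout a Bro-side consumer of these alert events has to reproduce to be "similar to fast.log", plus a parser for checking that such a log and Suricata's own fast.log agree on an alert. The alert dictionaries and their field names are constructed for this example and are an assumption, not the Broccoli event signature the plugin emits.

```python
import re
from datetime import datetime, timezone

# Constructed sample alerts (no real traffic); the field names are an
# assumption made for this example, not the plugin's Broccoli event fields.
ALERTS = [
    {"ts_sec": 1367998260, "ts_usec": 123456, "gid": 1, "sid": 2010937, "rev": 2,
     "msg": "ET POLICY Suspicious inbound to mySQL port 3306",
     "classification": "Potentially Bad Traffic", "priority": 2,
     "proto": "TCP", "src_ip": "10.0.0.5", "src_port": 51234,
     "dst_ip": "192.168.1.20", "dst_port": 3306},
    {"ts_sec": 1367998261, "ts_usec": 7, "gid": 1, "sid": 2100366, "rev": 7,
     "msg": "GPL ICMP_INFO PING *NIX",
     "classification": None, "priority": 3,
     "proto": "ICMP", "src_ip": "2001:db8::1", "dst_ip": "2001:db8::2"},
]


def fast_log_line(a):
    """Render one alert in the Suricata fast.log layout.

    The timestamp is rendered in UTC so output is deterministic (Suricata
    itself prints local time).  A protocol without ports (ICMP) gets port 0,
    as fast.log does, and the Classification bracket is omitted when the
    rule carries no classtype.
    """
    when = datetime.fromtimestamp(a["ts_sec"], tz=timezone.utc)
    stamp = when.strftime("%m/%d/%Y-%H:%M:%S") + ".%06d" % a["ts_usec"]
    cls = ""
    if a.get("classification"):
        cls = "[Classification: %s] " % a["classification"]
    return ("%s  [**] [%d:%d:%d] %s [**] %s[Priority: %d] {%s} %s:%d -> %s:%d"
            % (stamp, a["gid"], a["sid"], a["rev"], a["msg"], cls,
               a["priority"], a["proto"], a["src_ip"], a.get("src_port", 0),
               a["dst_ip"], a.get("dst_port", 0)))


# One regex for the whole line; IPv6 addresses contain colons, so the
# address group is greedy and backtracks to the final ":port" separator.
FAST_RE = re.compile(
    r"^(?P<stamp>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+"
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\] "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<pri>\d+)\] "
    r"\{(?P<proto>[^}]+)\} (?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+)$"
)


def parse_fast_log_line(line):
    """Parse a fast.log line back into a dict; return None if it does not
    match the layout.  Lets you diff a Bro-written log against Suricata's
    own fast.log alert by alert."""
    m = FAST_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {"stamp": d["stamp"], "gid": int(d["gid"]), "sid": int(d["sid"]),
            "rev": int(d["rev"]), "msg": d["msg"], "classification": d["cls"],
            "priority": int(d["pri"]), "proto": d["proto"],
            "src_ip": d["src"], "src_port": int(d["sport"]),
            "dst_ip": d["dst"], "dst_port": int(d["dport"])}


def round_trip_ok(alerts=ALERTS):
    """Render every alert and parse it back; True if the rule id, message,
    protocol and endpoints survive unchanged."""
    for a in alerts:
        p = parse_fast_log_line(fast_log_line(a))
        if p is None:
            return False
        for key in ("gid", "sid", "rev", "msg", "proto", "src_ip", "dst_ip"):
            if p[key] != a[key]:
                return False
        if p["src_port"] != a.get("src_port", 0) or p["dst_port"] != a.get("dst_port", 0):
            return False
    return True


if __name__ == "__main__":
    for alert in ALERTS:
        print(fast_log_line(alert))
    print("round trip ok:", round_trip_ok())
```

The parser is the useful half for a deployment: feed it both Suricata's fast.log and the Bro-side log and compare the (sid, rev, timestamp, endpoints) tuples to catch events that were dropped or reordered on the Broccoli path.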