Overview
Explore the flexible open-source platform Bro in this 25-minute conference talk from TROOPERS14. Dive into packet capturing, platform layers, and Bro command lines. Learn about Conrad Lock, HTTP dialogue analysis, and SMTP protocol analyzers. Discover Bro's product features, including simple heuristics for SSH logins and host name login intelligence. Examine passive and active intelligence integration, and understand how to implement improv and task scripts. Gain insights into alert systems and walk away with a comprehensive understanding of Bro's capabilities for network security and analysis.
Syllabus
Introduction
Capturing Packets
Platform Layer
Bro Command Lines
Conrad Lock
HTTP Dialogue
Protocol Analyzer
SMTP
Product by Bro
Simple heuristics
SSH logins
Host name login
Intelligence
Wallet
Passive Intelligence Integration
Active Intelligence Integration
Improv Script Code
Task Script Code
Alerts
Summary
Taught by
WEareTROOPERS