Bro: Difference between revisions
From charlesreid1
No edit summary |
|||
| Line 30: | Line 30: | ||
</pre> | </pre> | ||
In order to build Bro on Debian 9, install libssl1.0-dev instead of libssl-dev. | |||
(Link: https://github.com/bro/bro/blob/master/doc/install/install.rst) | |||
Then the usual: | |||
<pre> | <pre> | ||
Revision as of 15:56, 25 January 2018
Initial Notes
Intrusion detection system.
Bro training has pcaps with samples of things like malware hiding shells in HTTP traffic. For example:
- This folder has some pcaps containing traffic from a yayih trojan: https://github.com/LiamRandall/bro-training/tree/master/malware-demo/mswab_yayih
- Here is a page that explains what the hell the yayih trojan is: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FYayih.A
Hat tip:
Installing
Debian - from source
To install on Debian from source, check out the repo with all submodules:
git clone --recursive https://github.com/bro/bro.git
The INSTALL file is pretty clear with its instructions, but the summary:
sudo apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig zlib1g-dev
In order to build Bro on Debian 9, install libssl1.0-dev instead of libssl-dev.
(Link: https://github.com/bro/bro/blob/master/doc/install/install.rst)
Then the usual:
./configure make sudo make install
this will install to /usr/local/
Notes
How would you integrate outlier detection, unsupervised learning, and classification algorithms to improve networking benchmarks and differentiation of traffic?
What does Bro do "under the hood" and how can that be improved by machine learning?
Flags
 |
network monitoring tools and techniques for monitoring networks to avoid pain and suffering
Network Monitoring/Ten Best Practices
Network Monitoring Tools: Bro (network baselining): Bro Snort (IDS): Snort
Category:Network Monitoring · Category:Networking · Category:Linux Flags · Template:NetworkMonitoringFlag · e |