Hello Bro-Jedis,
The more I experiment with Bro and start to see the wast possibilities with the collected data, I also feel the need for some serious log analysis / correlation capabilities besides the self-evident Unixy-way with grep, sort and [awk|sed]…
I really like splunk and I will for sure try feeding splunk with the bro-logs, and I am sure it will work perfectly. And there is even an app for that: http://eyeis.net/2012/04/splunking-the-onion/
Have you guys tried out any other log analysis tools? Greylog2? Logstash+Kibana?
Any ideas/tips/discussions welcome…
PS. I saw somewhere a presentation about saving executables flying over the network. Any pointers to scripts for doing that? I have a vision of sending those to cuckoosandbox for automatic malware analysis, ehich would be cool, kind-of like FireEye!
Best regards,
Kim Halavakoski
Sent from my mobile device, excuse my clawfingerness!
PGP S#: 0BFA A910 9AA7 94A5 A323 53F5 4151 4CE4 33BE 35FA
http://www.blackcatsec.net