Little background of my question: I have access to Bro logs (conn,ftp,http, files etc.) and want to use them for machine learning. It will be really helpful to know the Bro logs relationship.
I am looking for a list of all Bro events hierarchy. For example, HTTP session will generate a conn, http and files events. I just want to understand how these logs are created based on a particular event. TLS/SSL will generate conn, ssl, files and x509 events,
Is there any such document available or is there any other way to figure this out?
Thanks for your help