Hi Everybody!!!
I am new here and I would like your help.
I am studying computer science and I am doing the final project in security.
I am running Bro 0.9a9 and I would like to make it a Prelude sensor, and also, if it is possible, to save alert information in a MySQL database. Can anybody help me? I would be grateful if I could have your answer.
thanks
-ANDER-
Hi Ander,
> Hi Everybody!!!
> I am new here and I would like your help.
> I am studying computer science and I am doing the final project in
> security.
> I am running Bro 0.9a9 and I would like to make it a Prelude sensor, and
there should be some existing work on this here:
It's rather old, and as the author says, is "crappy code", which is
probably a good thing for your project.
For integrating Bro event communication with non-Bro applications, you
might find Broccoli (as of now included in the Bro distribution)
helpful:
http://www.cl.cam.ac.uk/~cpk25/broccoli/index.html
> also, if it is possible, to save alert information in a MySQL database.
That's a major feature we've been thinking of implementing for a while
now ourselves. It mainly hasn't happened yet due to lack of time. There
are a good deal of things to consider and before you start hacking away
it'd make it vastly more likely for your changes to end up in the Bro
distribution if we could discuss things first. Basically, we would like
to have fully decoupled output modules, where a default one might log to
files as is currently done, another one to a database, etc.
I'd suggest starting with familiarizing yourself with the current
notice/alarm framework first. Focus on the development branch, not the
stable one.
Cheers,
Christian.