Broccoli and Intrusion Detection Exchange Format

Vern · September 14, 2005, 9:11pm

FYI, there are some hooks for IDMEF support within Bro itself (see #ifdef
USE_IDMEF), but it's not complete. Broccoli doesn't have any IDMEF support,
and in fact I don't believe it would be a fit for it to do so - IDMEF is
for exchanging alerts, while Broccoli aims for exchanging events and typed
values, which are much more general.

Vern

Christian_Kreibich3 · September 14, 2005, 10:35pm

Indeed. Broccoli is the wrong level of abstraction for IDMEF. Either use
Broccoli to feed events into a Bro and have the Bro node generate IDMEF
alerts, or write your own application that uses Broccoli for inter-Bro
communication and something like libidmef to communicate alerts.

Cheers,
Christian.

Topic		Replies	Views
Broccoli and Intrusion Detection Exchange Format Zeek	1	77	May 6, 2022
(no subject) Zeek	1	83	May 6, 2022
Bro-IDS integration to sguil Zeek	3	82	May 6, 2022
How to use Broccoli to pull event from Bro Zeek	3	83	May 6, 2022
Using Broccoli to config Bro agents remotely Zeek	2	99	May 6, 2022

Broccoli and Intrusion Detection Exchange Format

Related topics