Good morning everyone,
Does anyone use the Critical Stack intel feeds in with a Bro cluster? Or does anyone know if the Critical Stack client is supported in a cluster environment?
Thanks
Shane
It should work just fine on a cluster; just install it on the manager. The intel framework itself checks to see if it’s running on a cluster and then distributes the intel accordingly.
https://github.com/bro/bro/blob/master/scripts/base/frameworks/intel/input.bro
Liam
I have it running on the manager in my home network. It was a painless set up.