Is there a GUI or something like this in order to see the various alerts?
I saw there's perhaps "Brooery", but is it available?
A tool like this is very valuable if we plan to install the IDS for people
with a minimum of background with computers.
I recently 'sacrificed' an old laptop with an old distro and installed it with
access to the Internet (ssh input allowed) behind my gateway, with some very easy login/password; after that
I got a very nice IRC bot...
What I now want to do is to raise alerts if connections come from the
inside. Sounds like "nbad.bro" or something else like this may be helpful?
We talked in the past about Netflow, the good concept used by "Cisco"; how
do you see working with it?
At least two choices:
- Using Bro as a Netflow concentrator.
- Using a dedicated tool to capture the flows and then using "Bro" to inspect the data.
I work all day with the "flow-tools" package from "OSU", but there are several
others floating around, each one with a different format.
And what about the future things to come (the famous TODO)?
> Is there a GUI or something like this in order to see the various alerts?
> I saw there's perhaps "Brooery", but is it available?
> A tool like this is very valuable if we plan to install the IDS for people
> with a minimum of background with computers.
The Brooery was an experimental prototype and not in shape for everyday
use, sorry.
> And what about the future things to come (the famous TODO)?
Both approaches seem to be reasonable. There has been some
discussion of integrating NetFlow into Bro for some time now but, as
far as I'm aware, nothing concrete has materialized yet. It's on
our radar though and indeed part of a planned future project (with
no concrete time schedule yet, though).
I was in the discussion about the Netflow feature in the past, but you're
right, nothing has materialized. So it may be time...
Netflow technology is very widely used today for both network and security purposes, so
I'll think about this.