I’m curious as to what people use as a GUI for Bro in production. I’m aware that there are a few options out there, but I’d like to know what the consensus is on preferred approach.
Items I am interested in…
Bro log details/analysis
Bro policy definition
Appreciate your thoughts!
There is no existing GUI for most of this. The only one that people have really approached is in log analysis, and most people use Splunk for those, although some people are starting to use Elasticsearch with Kibana for that.
Many folks use ELSA as well.
This is not an endorsement of anything, but we use Splunk and there is:
But these do nothing for administration of Bro. Though I could see, as we daemonize broctl, someone writing a nice web interface for that for Bro 2.4.
Depending on what 'administration' consists of, some users have written Web UIs to perform some tasks. For example, we have an in-house Django app that generates intelligence files. Justin has a Django app that generates generic tables for Bro. His would include the intel file use case, but was not as user friendly as I needed.
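As an added example, not code from this thread or from anyone's in-house Django app: the core of a generator for the kind of intelligence file mentioned above, in the tab-separated `#fields` format that Bro's Intel framework loads. The column set (indicator, indicator_type, meta.source, meta.desc, meta.url) and the sample records are assumptions for illustration; the validation is what a web form feeding such a file should do before writing it.

```python
# Added example (not from the thread): build a Bro Intel framework input file,
# tab-separated with a "#fields" header, from structured records, validating first.
from typing import Iterable, Mapping

# Indicator types accepted by the Bro 2.x Intel framework.
INDICATOR_TYPES = {
    "Intel::ADDR", "Intel::URL", "Intel::SOFTWARE", "Intel::EMAIL", "Intel::DOMAIN",
    "Intel::USER_NAME", "Intel::FILE_HASH", "Intel::FILE_NAME", "Intel::CERT_HASH",
}
# Column layout chosen for this example; indicator, indicator_type and
# meta.source are required by Bro, the rest are optional and written as "-".
FIELDS = ("indicator", "indicator_type", "meta.source", "meta.desc", "meta.url")


def intel_line(record: Mapping[str, str]) -> str:
    """Render one indicator as a line of the intel file, or raise ValueError."""
    itype = record.get("indicator_type")
    if itype not in INDICATOR_TYPES:
        raise ValueError(f"unknown indicator_type: {itype!r}")
    values = []
    for field in FIELDS:
        value = record.get(field) or "-"
        # A tab or newline inside a value would shift the following columns, so
        # the loaded indicator type or source would silently be wrong.
        if any(ch in value for ch in "\t\r\n"):
            raise ValueError(f"control character in field {field!r}")
        values.append(value)
    if values[0] == "-" or values[2] == "-":
        raise ValueError("indicator and meta.source are required")
    return "\t".join(values)


def build_intel_file(records: Iterable[Mapping[str, str]]) -> str:
    """Return the full file text: "#fields" header, then one de-duplicated line per record."""
    lines = ["#fields\t" + "\t".join(FIELDS)]
    for rec in records:
        line = intel_line(rec)
        if line not in lines:  # exact duplicates would just be loaded twice
            lines.append(line)
    return "\n".join(lines) + "\n"


# Constructed sample records, not real indicators.
SAMPLE = [
    {"indicator": "192.0.2.10", "indicator_type": "Intel::ADDR",
     "meta.source": "in-house", "meta.desc": "example scanner"},
    {"indicator": "bad.example.net", "indicator_type": "Intel::DOMAIN",
     "meta.source": "in-house"},
]
```

Point Bro's Intel framework at the written file via `Intel::read_files` as usual; the rejected records are the ones a free-text web form would otherwise let through.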