Patrick Cain
President,
The Cooper-Cain Group, Inc.
Watchman: Turning Bro into a True IDS
Thursday, April 12 | 9:15AM–10:15AM ET | Maryland Ballroom E, Fifth Floor
Session Type:
Breakout Session
Delivery Format:
Interactive Presentation
Bro is a great tool for transforming raw network traffic into streams of useful logs for consumption by a security analyst. To get data beyond plain text logging, many organizations have added massive ElasticSearch databases to add better "search" capability. Unfortunately, this didn't give analysts a way to create actual incidents on the information in the databases. In this presentation, we will explain how BC closed the detection loop and automated Bro detection to transform the raw data into true events. We will also discuss the architecture and technology to process and consume this data at speed for a medium-sized Bro deployment.
Outcomes: Be able to plan a reasonably sized ElasticSearch cluster for Bro data * Spot common performance problems with your cluster and get solutions to fix them * Discover the new Watchman tool to better utilize your Bro data
Outcomes: Be able to plan a reasonably sized ElasticSearch cluster for Bro data * Spot common performance problems with your cluster and get solutions to fix them * Discover the new Watchman tool to better utilize your Bro data
