NSM And More With Bro Network Monitor presented at Shmoocon 2013

by Liam Randall

Summary: Bro is a stateful, protocol-aware, open source, high speed network monitor with applications as a next generation intrusion detection system, real time network discovery tool, historical network analysis tool, real time network intelligence, and dynamic active response. Originally developed by Vern Paxson, who now leads the core team of developers/researchers at both the International Computer Science Institute in Berkeley, CA and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Bro provides a security team with logs of highly structured data about their network, a Turing-complete scripting language through which they can interact with real time stateful network events, and flexible open interfaces through which Bro can be programmed. Pragmatically able to interface with the entire network stack, Bro includes support for IPv6, tunneled traffic, SSL and more. In this presentation we present multiple case studies and are releasing their corresponding Bro scripts with source.
Bro Introduction: Overview of Events and Logs
Beyond signature based IDS; utilizing Bro as a programmatic network monitor to detect events
Real time passive network service discovery with Bro on complex traffic links (MPLS/IPv4/ IPv6)
Brotego: a Bro/Maltego integration for incident response and network analysis
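To make concrete what the summary means by interacting with stateful network events (and what the passive service discovery item refers to), here is a small Bro script in the style of the 2.x scripting language. It is an added illustration written for this page, not one of the scripts released with the talk; the module name ServiceDiscovery, the notice type New_Service and the one-day expiry are assumptions chosen for the example. It keeps a state table of (responder host, responder port) pairs and raises a notice the first time a new pair is seen, so the monitor reports new services as they appear rather than matching any signature.

```bro
# Added example: passive discovery of new services by watching established
# connections. Not part of the talk's released scripts.
@load base/frameworks/notice

module ServiceDiscovery;

export {
    redef enum Notice::Type += {
        # Raised once per (responder host, responder port) pair (assumed name).
        New_Service
    };

    # Only report hosts we consider ours; Site::local_nets is the stock
    # Bro setting for local address space.
    const only_local_hosts = T &redef;
}

# Stateful table of services already reported; entries age out after a day
# (assumed interval) so a retired-and-returned service is reported again.
global seen_services: set[addr, port] &create_expire = 1 day;

event connection_established(c: connection)
{
    local host = c$id$resp_h;
    local svc  = c$id$resp_p;

    # Skip hosts outside the monitored networks if so configured.
    if ( only_local_hosts && ! Site::is_local_addr(host) )
        return;

    # Already known: nothing to do.
    if ( [host, svc] in seen_services )
        return;

    add seen_services[host, svc];

    # Emit a notice carrying the connection so notice.log records the
    # full 5-tuple and uid of the first observed connection.
    NOTICE([$note=New_Service,
            $msg=fmt("new service observed: %s listening on %s", svc, host),
            $conn=c]);
}
```

Loaded with `bro -i <iface> servicediscovery.bro` (or added to local.bro under broctl), the script writes one New_Service line to notice.log per newly seen host/port pair; the notice framework's usual actions (e-mail, alarm) can then be attached to that type. Because the state lives in a set indexed on the responder address and port, the same logic works unchanged for IPv4 and IPv6 responders.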