A security event pipeline using Bro, Kafka, and FreeBSD Jails

With the help of the Bro Kafka plug-in, we'll configure Bro to stream JSON-formatted logs through Kafka and use Python to subscribe to and print events from the stream. This tutorial uses FreeBSD 11.1-RELEASE, but it can easily be adapted to Linux installations. How do you monitor events from multiple Bro sensors throughout a network? Do you…

Bro on FreeBSD Using Netmap

NETMAP is a framework for very fast packet I/O from userspace with support for FreeBSD, Linux, and even Windows. Here, we'll show how to set up Bro to use it. Bro provides support for monitoring interfaces using netmap. However, as of FreeBSD 11.1 (bro-2.5.1) the binary package doesn't ship with the needed netmap plugin. Furthermore,…