A security event pipeline using Bro, Kafka, and FreeBSD Jails

With the help of the Bro Kafka plug-in, we’ll configure Bro to stream JSON-formatted logs through Kafka and use Python to subscribe to the stream and print events from it. This tutorial uses FreeBSD 11.1-RELEASE, but it can easily be adapted to Linux installations. How do you monitor events from multiple Bro sensors throughout a network? Do you…

Install Bro on pfSense

I’ve been working with Bro a lot lately and thought it’d be worth trying to get Bro running on pfSense. Ideally, you wouldn’t run an IDS on your firewall, but for low-bandwidth installations or the budget-constrained, it’ll work fine. 1. You’ll need to enable SSH access to your pfSense…