Bro - PSJoshi/Notes GitHub Wiki
- Bro Analysis Tools (BAT): Processing and analysis of Bro network data with Pandas, scikit-learn, and Spark - https://github.com/Kitware/bat
- Basic anomaly IDS capabilities with Python and Bro - https://github.com/hashtagcyber/bropy
- How to Hunt Command & Control Channels Using Bro IDS and RITA - https://www.blackhillsinfosec.com/how-to-hunt-command-and-control-channels-using-bro-ids-and-rita/
- Building a data pipeline for Bro logs - http://www.binorassocies.com/en/blogs/2017/09/logstash-bro-example.html
- Analyze threat intelligence with Bro - https://blog.apnic.net/2017/03/13/analyze-threat-intel-bro/
- Bro and Raspberry Pi integration - https://github.com/binorassocies/brostash
- Some useful Bro scripts - https://github.com/anthonykasza/scratch_pad
- Writing Snort-like signatures in Bro - https://www.bro.org/sphinx/frameworks/signatures.html
- Exfiltration Bro scripts from Evernote Security - https://github.com/evernote/bro-scripts
- Useful Bro scripts from Reservoir Labs - https://github.com/reservoirlabs/bro-scripts
- Producer-consumer ratio for data exfiltration:
- Using Bro to hunt persistent threats - https://www.bro.org/brocon2017/slides/persistent_threats.pdf
- Bro customization scripts - https://gist.github.com/mavam/5028034
- Bro file analysis - https://www.bro.org/current/slides/file_analysis-Bill_Stackpole.pdf
- Bro logs cheatsheet - http://gauss.ececs.uc.edu/Courses/c5155/pdf/bro_log_vars.pdf
- Modern cyber security stack using Bro - http://www.icir.org/robin/slides/ntnu17-bro-stack.pdf
- Network security monitoring using the Bro platform - https://cacr.iu.edu/files/documents/pdf/broverview-nsf-cacr-2016.pdf
- Bro and osquery integration - https://github.com/bro/bro-osquery
- Bro DNS injections, SQL injections - https://securitylab.disi.unitn.it/lib/exe/fetch.php?media=teaching:netsec:2016:reports:t12:relation_netsec_lab.pdf
- Bro Doctor, useful for debugging Bro cluster issues - https://github.com/ncsa/bro-doctor
- Bro modules for entropy and file extraction - https://github.com/BrashEndeavours/bro-scripts
Interesting papers
- Protocol detection capabilities in Bro - https://digirola.files.wordpress.com/2012/11/imt4022-digitalforensicsii_rogerlarsen_2012-06_final.pdf
- On using machine learning in network intrusion detection - https://digirola.files.wordpress.com/2012/11/imt4022-digitalforensicsii_rogerlarsen_2012-06_final.pdf
Encrypted traffic analysis using Bro/Zeek
- JA3 asking for a friend (2019) - https://www.youtube.com/watch?v=HrP6Ep3xgQM&t=684s
- Network forensics in an encrypted world (2017 but covers a lot of indicators you can hunt on) - https://www.youtube.com/watch?v=APHlvFaUEKE&t=1930s
- Encrypted things: Network detection and response in an encrypted world - https://www.youtube.com/watch?v=HPvIGP2mgbI&t=2667s
- Security Onion Conference 2019: Finding traffic anomalies using SSL certificates - https://www.youtube.com/watch?v=-WD9BWlENwc&t=762s