Bro User Manual
© Lawrence Berkeley National Laboratory
Table of Contents
1 Overview of Bro
1.1 What is Bro?
1.2 Bro features and benefits
1.3 Getting More Information
2 Requirements
2.1 Network Tap
2.2 Hardware and Software Requirements
3 Installation and Configuration
3.1 Download
3.2 Install
3.3 Bro Configuration
3.4 OS Configuration
3.5 Encrypted Reports
3.6 Generating Reports on a Separate Host
3.7 Web GUI Installation / Configuration
4 Running Bro
4.1 Starting Bro
4.2 Bro Scripts
4.3 Sending (E-mail) Bro Reports
4.4 Reading a Bro Report
4.4.1 Parts of a Report
4.4.2 Annotated Example Report
5 Analysis of Incidents and Alarms
5.1 Two Types of Triggers
5.1.1 Converted Signatures
5.1.2 Embedded Bro Rule
5.2 General Process Steps
5.3 Understand What Triggered the Alarm(s)
5.3.1 Converted Snort Signatures
5.3.2 Embedded Bro Rule
5.4 Understand the Intent of the Alarm(s)
5.4.1 Converted Snort Signatures
5.4.2 Embedded Bro Rule
5.5 Examine HTTP, FTP, or SMTP Sessions
5.6 Examine the Connection and Weird Logs
5.6.1 Break-in Indicators
5.6.2 Connections to Other Computers
5.6.3 Odd Activity
5.7 Examine the Bulk Trace if Available
5.8 Contact and Question Appropriate People
6 Customizing Bro
6.1 Policy Files
6.2 Notices
6.3 Notice Actions
6.4 Signatures
6.4.1 Turning Signatures ON/OFF
6.4.2 Add a New Signature
6.4.3 Editing Existing Signatures
6.4.4 Importing Snort Signatures
6.4.5 Checking for New Signatures from bro-ids.org
6.5 Tuning Scan Detection
6.6 Other Customizations
7 Intrusion Prevention Using Bro
7.1 Terminating a Connection
7.2 Updating Router ACL
8 Performance Tuning
8.1 Hardware and OS Tuning
8.2 Bro Policy Tuning
9 Bulk Traces and Off-line Analysis
9.1 Bulk Traces
9.2 Off-line Analysis
Appendix A Bro Directory and Files
A.1 The bro/bin Directory
A.2 The bro/etc Directory
A.3 The bro/var Directory
A.4 The bro/scripts Directory
A.5 The bro/policy Directory
A.6 The bro/site Directory
A.7 The bro/logs Directory
A.8 The bro/archive Directory
A.9 Other Files
Index