BroCon '15
In this talk we demonstrate incident detection and analysis with Bro at Berkeley Lab. We will review several incidents over the last year and show how we use Bro to prevent reconnaissance, detect miscreant activity, and perform detailed network forensics. We will also review some of the scripts and capabilities of Bro we have implemented as a results of recent incidents. This talk is presented by Aashish Sharma & Vincent Stoffer.
Scripts:
- irc-2.0
- irc_sessions
- persistent_talkers
- rdp-block-scanners
- shellshock-detailed
- sip-scan
- sip-scans
- sip-schock
- smtp-thrsholds