Showing posts from December, 2013

Follow up on C3CM: Pt 2 – Bro with Logstash & Kibana (read Applied NSM)

In September I covered using Bro with Logstash and Kibana as part of my C3CM (identify, interrupt, and counter the command, control, and communications capabilities of our digital assailants)series in toolsmith. Two very cool developments have since taken place that justify follow-up:

1) In November Jason Smith (@automayt)  posted Parsing Bro 2.2 Logs with Logstash on the Applied Network Security Monitoring blog. This post exemplifies exactly how to configure Bro with Logstash and Kibana, and includes reference material regarding how to do so with Doug Burk's (@dougburks) Security Onion (@securityonion).

2) Additionally, please help me in congratulating Chris Sanders (@chrissanders88), lead author, along with contributing authors, the above-mentioned Jason Smith, as well as David Bianco (@DavidJBianco)  and Liam Randall (@hectaman),  on the very recent publication of the book the Applied NSM blog supports: Applied Network Security Monitoring: Collection, Detection, and Analysis, a…

toolsmith: Hey Lynis, Audit This