bro-cut
small auxiliary tools for Bro
Install
- All systems
  curl cmd.cat/bro-cut.sh
- Debian
  apt-get install bro-aux
- Ubuntu
  apt-get install bro-aux
- Kali Linux
  apt-get install bro-aux
- Fedora
  dnf install bro
- Windows (WSL2)
  sudo apt-get update
  sudo apt-get install bro-aux
- OS X
  brew install bro
- Raspbian
  apt-get install bro-aux
- Dockerfile
  dockerfile.run/bro-cut
bro-aux
small auxiliary tools for Bro
This package provides handy auxiliary programs related to the use of the Bro Network Security Monitor. The "adtrace" utility is used to compute the network addresses that compose the internal and external nets that Bro is monitoring. The "bro-cut" utility reads ASCII Bro logs on standard input and outputs them with only the specified columns (if no column names are specified, then all columns are output). The "nfcollector" and "ftwire2bro" utilities are for dealing with Bro's custom file format for storing NetFlow records.
bro-core
The core bro installation without broctl
bro
passive network traffic analyzer
Bro is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and help with troubleshooting. Bro comes with built-in functionality for a range of analysis and detection tasks, including detecting malware by interfacing to external registries, reporting vulnerable versions of software seen on the network, identifying popular web applications, detecting SSH brute-forcing, and validating SSL certificate chains, among others.