Update CapME with a new option to query Bro conn.log via ELSA #348

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 3 comments

@GoogleCodeExporter
- Extend Bro's conn.log to include the name of the Bro worker that saw the connection (HOSTNAME-INTERFACE).
- Extend CapMe to query the ELSA API (instead of the Sguil sancp table) for the src/dst IP/port and parse the name of the worker out of the result.
- CapMe then submits a cliscript request to the pcap_agent with the same name as the Bro worker (HOSTNAME-INTERFACE) to retrieve the transcript.

https://groups.google.com/d/topic/security-onion/CpsJKY9yC04/discussion

Original issue reported on code.google.com by doug.bu...@gmail.com on 19 Jun 2013 at 2:11
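The lookup described in the second and third bullets, as an added Python example that is not part of Security Onion or this issue: it parses a Bro conn.log carrying an extra worker-name column, finds the row for a src/dst IP/port pair, and splits the worker name into the HOSTNAME and INTERFACE that a pcap_agent request would be addressed to, validating the name first so only a well-formed sensor name is ever passed on. The column name `sensorname`, the sample flows and the sensor names are assumptions made for this example.

```python
import re

# Constructed sample conn.log extended with a "sensorname" column holding the
# Bro worker name (HOSTNAME-INTERFACE). Column name, hosts and flows are
# assumptions for this example, not Security Onion's actual schema.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tsensorname",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring",
    "1372600000.123456\tCXWv6p3arKYeMETxOg\t192.0.2.10\t51234\t198.51.100.5\t80\ttcp\tsensor1-eth1",
    "1372600001.654321\tCjhGe4IWj9xBLqFeY\t192.0.2.11\t49152\t198.51.100.7\t443\ttcp\t-",
    "#close\t2013-07-01-12-00-00",
])

# Characters allowed in a sensor name before it is used to address a pcap_agent.
SENSOR_CHARS = re.compile(r"^[A-Za-z0-9_.-]+$")


def parse_conn_log(text):
    """Parse Bro's TSV log format: '#fields' names the columns, other '#' lines
    are metadata and are skipped; values equal to '#unset_field' become None."""
    fields, unset, records = None, "-", []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition("\t")
            if key == "fields":
                fields = value.split("\t")
            elif key == "unset_field":
                unset = value
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(values)}")
        records.append({k: None if v == unset else v for k, v in zip(fields, values)})
    return records


def find_worker(records, src_ip, src_port, dst_ip, dst_port, field="sensorname"):
    """Return (hostname, interface) of the worker that logged the flow, or None.
    Both directions are tried because the alert's src/dst may be reversed
    relative to Bro's orig/resp. The split is on the last '-' so hostnames
    that themselves contain hyphens still yield the right interface."""
    want = {(src_ip, str(src_port), dst_ip, str(dst_port)),
            (dst_ip, str(dst_port), src_ip, str(src_port))}
    for r in records:
        if (r["id.orig_h"], r["id.orig_p"], r["id.resp_h"], r["id.resp_p"]) in want:
            name = r.get(field) or ""
            host, sep, iface = name.rpartition("-")
            if not sep or not host or not iface or not SENSOR_CHARS.match(name):
                return None  # missing or malformed worker name: do not address a pcap_agent
            return host, iface
    return None
```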

GoogleCodeExporter Mar 24, 2015

Submitted to testers.

Original comment by doug.bu...@gmail.com on 4 Jul 2013 at 10:50

  • Changed state: Started
  • Added labels: ****
  • Removed labels: ****
GoogleCodeExporter Mar 24, 2015

Tested by:
Matt Gregory
David Zawdie
Michal Purzynski

Original comment by doug.bu...@gmail.com on 11 Jul 2013 at 10:21

  • Added labels: ****
  • Removed labels: ****
GoogleCodeExporter Mar 24, 2015

Published:
http://securityonion.blogspot.com/2013/07/new-securityonion-bro-scripts-and.html

Original comment by doug.bu...@gmail.com on 11 Jul 2013 at 11:24

  • Changed state: Verified
  • Added labels: ****
  • Removed labels: ****