Bro is a stateful, protocol-aware, open-source, high-speed network monitor with applications such as a next-generation intrusion detection system, a real-time network discovery tool, a historical network analysis tool, real-time network intelligence, and more. With a powerful event-based programming language at its core, the Bro Platform ships with powerful frameworks: signature detection, the ability to extract and analyze files, and the capability to integrate massive amounts of local and external intel, all at incredibly high rates.
This tutorial focuses on helping you understand some of the many tasks that you can accomplish with the Bro Platform, using a hands-on, container-based training environment. Beginning with an introduction to the Bro Platform, this fast-paced tutorial helps experienced network operators quickly get up to speed on leveraging the technology. Students work with traffic samples of distributed denial-of-service (DDoS) attacks, deploy large sets of threat intelligence, analyze compromised-host traffic, dynamically generate streaming network analytics, and more.
Students should be well versed in TCP/IP and networking fundamentals and come prepared with a workstation (Linux, Windows, or Mac) with an SSH client to connect to the training environment.
Speaker Info:
Liam Randall - CEO, Critical Stack
Liam (@Hectaman) founded Critical Stack to containerize security infrastructure. He has focused on end-user training, application development, and advanced NSM at large scale. A frequent speaker at security conferences, he can usually be found training users on the Bro Platform at workshops, conferences, or online.