When a bro script detects something, how can you go about resolving the issues that caused
it (assuming it wasn't noise that caused it)? Is there something that I change in Bro
or is this something that would be covered in the corporate compliance / security?
Following up with that what is the best practice to analyze the packet captures from Bro
to determine if there is an actual issue? I am currently looking into Splunk as a log