Hello,

When a bro script detects something, how can you go about resolving the issues that caused it (assuming it wasn’t noise that caused it)? Is there something that I change in Bro or is this something that would be covered in the corporate compliance / security?

Following up on that, what is the best practice to analyze the packet captures from Bro to determine if there is an actual issue? I am currently looking into Splunk as a log parser.

Best regards,

Andrew Dellana

Intern

________________________