The Bro Package Manager and You Seth Hall Chief Evangelist - PowerPoint PPT Presentation

The Bro Package Manager and You Seth Hall Chief Evangelist Corelight, Inc

About Me Bro at all of them! • - Incident Responder • - Detection-Response Architect • - Core Bro developer • - Co-founder & Chief Evangelist

Funded by

aux/plugins?

Simple to install $ sudo pip install bro-pkg More complete docs… http://bro-package-manager.readthedocs.io/en/stable/quickstart.html

Configure and Integrate • If Bro isn’t in your path… • $ export PATH=/opt/bro/bin/:$PATH • $ mkdir ~/.bro-pkg • $ bro-pkg autoconfig > ~/.bro-pkg/config • @load packages • You may need to deal with some permission issues, but it’s documented! Please take a look at the docs!

Bundles for DevOps $ bro-pkg bundle my-stu ff .bundle Move my-stu ff .bundle over to another machine... $ bro-pkg unbundle my-stu ff .bundle

What’s out there? • Update the local list of global packages • $ bro-pkg refresh • Get the list of packages • $ bro-pkg list all

What’s out there? bro/0xxon/bro-postgresql bro/j-gras/bro-lognorm bro/0xxon/bro-sumstats-counttable bro/j-gras/intel-extensions bro/corelight/bro-drwatson bro/joesecurity/Joe-Sandbox-Bro bro/corelight/bro-hardware bro/jonzeolla/scan-sampling bro/corelight/bro-long-connections bro/jsiwek/bro-test-package bro/corelight/bro-shellshock bro/jswaro/tcprs bro/corelight/bro-xor-exe-plugin bro/ncsa/bro-doctor bro/corelight/top-dns bro/ncsa/bro-interface-setup bro/dopheide/bro_notice_correlation bro/ncsa/bro-is-darknet bro/dopheide/venom bro/ncsa/bro-simple-scan bro/hhzzk/dns-tunnels bro/pgaulon/bro-notice-slack bro/hosom/file-extraction bro/scebro/ldap-analyzer bro/hosom/log-filters bro/sethhall/bro-brainfuck bro/initconf/CVE-2017-5638_struts bro/sethhall/bro-myricom bro/initconf/CVE-2017-5638_struts.git bro/sethhall/credit-card-exposure bro/initconf/phish-analysis bro/sethhall/domain-tld bro/initconf/scan-NG bro/sethhall/ssn-exposure bro/initconf/smtp-url-analysis bro/sethhall/unknown-mime-type-discovery bro/j-gras/add-json bro/srozb/dns_axfr bro/j-gras/bro-af_packet-plugin bro/theflakes/bro-large_uploads

What’s out there? 40 Packages! bro/0xxon/bro-postgresql bro/j-gras/bro-lognorm bro/0xxon/bro-sumstats-counttable bro/j-gras/intel-extensions bro/corelight/bro-drwatson bro/joesecurity/Joe-Sandbox-Bro bro/corelight/bro-hardware bro/jonzeolla/scan-sampling bro/corelight/bro-long-connections bro/jsiwek/bro-test-package bro/corelight/bro-shellshock bro/jswaro/tcprs bro/corelight/bro-xor-exe-plugin bro/ncsa/bro-doctor bro/corelight/top-dns bro/ncsa/bro-interface-setup bro/dopheide/bro_notice_correlation bro/ncsa/bro-is-darknet bro/dopheide/venom bro/ncsa/bro-simple-scan bro/hhzzk/dns-tunnels bro/pgaulon/bro-notice-slack bro/hosom/file-extraction bro/scebro/ldap-analyzer bro/hosom/log-filters bro/sethhall/bro-brainfuck bro/initconf/CVE-2017-5638_struts bro/sethhall/bro-myricom bro/initconf/CVE-2017-5638_struts.git bro/sethhall/credit-card-exposure bro/initconf/phish-analysis bro/sethhall/domain-tld bro/initconf/scan-NG bro/sethhall/ssn-exposure bro/initconf/smtp-url-analysis bro/sethhall/unknown-mime-type-discovery bro/j-gras/add-json bro/srozb/dns_axfr bro/j-gras/bro-af_packet-plugin bro/theflakes/bro-large_uploads

corelight/bro-long-connections New log: conn_long.log $ bro-pkg install corelight/bro-long-connections

joesecurity/Joe-Sandbox-Bro Upload files to a JOE Sandbox $ bro-pkg install joesecurity/Joe-Sandbox-Bro

Configuration?!

sethhall/unknown-mime-type-discovery New log: unknown_mime_type_discovery.log $ bro-pkg install sethhall/unknown-mime-type-discovery

ncsa/bro-doctor BroCtl plugin to help diagnose problems $ bro-pkg install ncsa/bro-doctor

pgaulon/bro-notice-slack Notice action to send notices to Slack. $ bro-pkg install pgaulon/bro-notice-slack

Rethink how configuration works Future B r o P a c k a g e M a n a g e r w Rethinking how parts of Bro e b s i t e are distributed

http://bro-package-manager.readthedocs.io/en/stable/ (or type “bro package manager” into google)

The Bro Package Manager and You Seth Hall Chief Evangelist - PowerPoint PPT Presentation

The Bro Package Manager and You Seth Hall Chief Evangelist Corelight, Inc About Me Bro at all of them! - Incident Responder - Detection-Response Architect - Core Bro developer - Co-founder & Chief Evangelist Funded by

Package Managers CC-BY-SA 2016 Nate Levesque What is a Package Manager? A package manager or

The Nix Package Manager Eelco Dolstra e.dolstra@tudelft.nl Delft University of Technology, EWI,

Opyum: offline package management with Yum -- Debarshi Ray What is it? An offline package

Hunter Hunter a CMake driven cross-platform package manager for C/C++ projects Daniel Friedrich

Multiple Sewershed Package 10B - Open Cut M. Antonio Leyva, P .E. Manager Engineering

Fortran Package Manager Brad Richardson Ondrej Certik Milan Curcic FortranCon2020 Outline

Central Sewershed Package 7 - UIW M. Antonio Leyva, P .E. Manager Engineering Carmen C.

Dev Lab: Node + Express What is Node? Node.js = JavaScript + File I/O + A Package Manager or:

Parsing package docs: Part III: Using the ReadP package

Multiple Sewershed Package 8 - CIPP Carmen C. Groth, P .E., PMP , MBA Project Engineer M.

Bro Package Manager Why arent scripts being shared? Secret techniques? Organizational

Manhole to Manhole Relay Package 1 Christopher J. Jackson, P .E. Project Engineer M. Antonio

West Sewershed Package 1 Alla Korostyshevsky, P .E., PMP Project Engineer M. Antonio Leyva, P

Manhole to Manhole Relay Package 2 Steven Anthes Project Engineer M. Antonio Leyva, P .E.

Introduction to Helm Overview Helm is a package manager for Kubernetes (its packages are called

with GNU Guix for developers & power users Package managers are really useful. Package

Unikernels and Event-driven Serverless Platforms Madhuri Yechuri Agenda Bio Application

Proactive Security in Linux Lukas Vrabec About me Lukas Vrabec Software Engineer

Web Crawling February 4, 2020 Data Science CSCI 1951A Brown University Instructor: Ellie

Measurement Uncertainty - Error & Uncertainty Measurement errors are impossible to avoid

A Tale of Metrics Faux Pas Answers Without Questions Brian Proffitt Senior Principal Community

Hard Lessons About Soft Skills Marlena Compton & Gordon Shippey

NEW NUMBER-THEORETIC CRYPTOGRAPHIC PRIMITIVES ric Brier Houda Ferradi Marc Joye David

Peace & Hope Colossians 1:21-23 Outline Christ Our Enemy (Colossians 1:21) Christ Our

The Bro Package Manager and You Seth Hall Chief Evangelist - PowerPoint PPT Presentation

The Bro Package Manager and You Seth Hall Chief Evangelist Corelight, Inc About Me Bro at all of them! - Incident Responder - Detection-Response Architect - Core Bro developer - Co-founder & Chief Evangelist Funded by

Package Managers CC-BY-SA 2016 Nate Levesque What is a Package Manager? A package manager or

The Nix Package Manager Eelco Dolstra e.dolstra@tudelft.nl Delft University of Technology, EWI,

Opyum: offline package management with Yum -- Debarshi Ray What is it? An offline package

Hunter Hunter a CMake driven cross-platform package manager for C/C++ projects Daniel Friedrich

Multiple Sewershed Package 10B - Open Cut M. Antonio Leyva, P .E. Manager Engineering

Fortran Package Manager Brad Richardson Ondrej Certik Milan Curcic FortranCon2020 Outline

Central Sewershed Package 7 - UIW M. Antonio Leyva, P .E. Manager Engineering Carmen C.

Dev Lab: Node + Express What is Node? Node.js = JavaScript + File I/O + A Package Manager or:

Parsing package docs: Part III: Using the ReadP package

Multiple Sewershed Package 8 - CIPP Carmen C. Groth, P .E., PMP , MBA Project Engineer M.

Bro Package Manager Why arent scripts being shared? Secret techniques? Organizational

Manhole to Manhole Relay Package 1 Christopher J. Jackson, P .E. Project Engineer M. Antonio

West Sewershed Package 1 Alla Korostyshevsky, P .E., PMP Project Engineer M. Antonio Leyva, P

Manhole to Manhole Relay Package 2 Steven Anthes Project Engineer M. Antonio Leyva, P .E.

Introduction to Helm Overview Helm is a package manager for Kubernetes (its packages are called

with GNU Guix for developers &amp; power users Package managers are really useful. Package

Unikernels and Event-driven Serverless Platforms Madhuri Yechuri Agenda Bio Application

Proactive Security in Linux Lukas Vrabec About me Lukas Vrabec Software Engineer

Web Crawling February 4, 2020 Data Science CSCI 1951A Brown University Instructor: Ellie

Measurement Uncertainty - Error &amp; Uncertainty Measurement errors are impossible to avoid

A Tale of Metrics Faux Pas Answers Without Questions Brian Proffitt Senior Principal Community

Hard Lessons About Soft Skills Marlena Compton &amp; Gordon Shippey

NEW NUMBER-THEORETIC CRYPTOGRAPHIC PRIMITIVES ric Brier Houda Ferradi Marc Joye David

Peace &amp; Hope Colossians 1:21-23 Outline Christ Our Enemy (Colossians 1:21) Christ Our

with GNU Guix for developers & power users Package managers are really useful. Package

Measurement Uncertainty - Error & Uncertainty Measurement errors are impossible to avoid

Hard Lessons About Soft Skills Marlena Compton & Gordon Shippey

Peace & Hope Colossians 1:21-23 Outline Christ Our Enemy (Colossians 1:21) Christ Our