Bro to Python

Presented at BSides Austin 2017, May 4, 2017, 3 p.m. (60 minutes)

The path from Bro IDS to Python should be easy. Given the popularity of Bro and the fact that Python is the lingua franca of security, having a super simple Bro to Python path should already exist. There are several paths but none are simple. This talk will discuss various approaches to pulling Bro IDS data into Python and provide several alternatives of various difficulty. We'll also provide code and a python package for download and use.

Presenters:

• Mike Sconzo
  Mike Sconzo has been around the Security Industry for quite some time, and is interested in creating and implementing new methods of detecting unknown and suspicious network activity as well as different approaches for file/malware analysis. This includes looking for protocol anomalies, patterns of network traffic, and various forms of static and dynamic file analysis. He works on reversing malware, tool creation for analysis, and threat intelligence. Currently a lot of his time is spent doing data exploration and tinkering with statistical analysis and machine learning.
• Brian Wylie
  Brian is an avid Python developer and works on several popular (well kinda, sorta popular-ish) open source projects on Github: - Security Workbench: github.com/SuperCowPowers/workbench - Chains(Python Networking): github.com/SuperCowPowers/chains - Data Hacking: github.com/ClickSecurity/data_hacking - DPKT: github.com/kbandla/dpkt - PyPCAP: github.com/pynetwork/pypcap

Links:

• https://bsidesaustin2017.sched.com/event/AP2D/bro-to-python

Similar Presentations:

• DerbyCon 6.0 Recharge (2016) / Python 3: It’s Time
• BSidesLV 2015 / Maximizing Bro Detection
• BruCON 0x0A (2018) / Introduction to Bro Network Security Monitor Workshop