Presented at
BSides Austin 2017,
May 4, 2017, 3 p.m.
(60 minutes).
The path from Bro IDS to Python should be easy. Given the popularity of Bro and the fact that Python is the lingua franca of security, having a super simple Bro to Python path should already exist. There are several paths but none are simple. This talk will discuss various approaches to pulling Bro IDS data into Python and provide several alternatives of various difficulty. We'll also provide code and a python package for download and use.
Presenters:
-
Brian Wylie
Brian is an avid Python developer and works on several popular (well kinda, sorta popular-ish) open source projects on Github:
- Security Workbench: github.com/SuperCowPowers/workbench
- Chains(Python Networking): github.com/SuperCowPowers/chains
- Data Hacking: github.com/ClickSecurity/data_hacking
- DPKT: github.com/kbandla/dpkt
- PyPCAP: github.com/pynetwork/pypcap
-
Mike Sconzo
Mike Sconzo has been around the Security Industry for quite some time, and is interested in creating and implementing new methods of detecting unknown and suspicious network activity as well as different approaches for file/malware analysis. This includes looking for protocol anomalies, patterns of network traffic, and various forms of static and dynamic file analysis. He works on reversing malware, tool creation for analysis, and threat intelligence. Currently a lot of his time is spent doing data exploration and tinkering with statistical analysis and machine learning.
Links:
Similar Presentations: