Bro is a stateful, protocol aware open source high speed network monitor with applications as a next generation intrusion detection system, real time network discovery tool, historical network analysis tool, real time network intelligence, and more. With a powerful event based programming language at the core the Bro Platform ships with powerful frameworks- signature detection, the ability to extract and analyze files, capability to integrate massive amounts of local and external intel all at incredibly high rates. Using a hands on approach and by replaying dozens of pcaps through Bro we will focus on equipping attendees with real world practical skills they can immediately take back to their organizations. This four hour crash course will equip attendees with the practical knowledge they need to install, administrate, and customize Bro for their specific use; while we will focus on using the built in features of Bro, we will also briefly cover the programming model.
Attendees should have a working knowledge of both TCP/IP and a basic familiarity with a Linux shell. They should come prepared with an x86 based machine capable of running a provided VirtualBox x64 bit VM; Windows, Linux or Mac machines should all work just fine.