Bro is a stateful, protocol aware open source high speed network monitor with applications as a next generation intrusion detection system, real time network discovery tool, historical network analysis tool, real time network intelligence, and dynamic active response. Originally developed by Vern Paxson, he now leads the core team of developers/researchers at both the International Computer Science Institute in Berkeley, CA and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Bro provides a security team with logs of highly structured data about their network, a turing complete scripting language through which they can interact with real time stateful network events, and flexible open interfaces through which Bro can be programmed. Pragmatically able to interface with the entire network stack Bro includes support for IPv6, tunneled traffic, SSL and more. In this presentation we present multiple case studies and are releasing their corresponding Bro scripts with source.