Database Use Cases
From BroWiki
This page documents example use cases for how database support in Bro might be utilized. It can be used as a public brainstorming page.
Inserting Into a Database
- Inserting the output of logs into a table in the database. For example, we generate our own extended SMTP logs which we want to insert directly into a database. The log we are currently generating is a single log line for each SMTP session. --Seth 10:31, 8 April 2008 (PDT)
Querying From a Database
- Looking up a "set" of known things from a database. For example: known malicious HTTP URLs, known malicious host/port pairs, known malicious domain names (like from http://malwaredomains.com/), message-ids or email addresses for known phishing emails. --Seth 10:31, 8 April 2008 (PDT)
