WorkshopMaterial

From BroWiki

In July 2007, we held the first Bro Hands-On Workshop at the San Diego Supercomputer Center.

Quite a bit of material came out of this workshop, which makes a nice, up-to-date introduction into many aspects of the Bro system (as of version 1.3).

Presentations

• Bro Overview
• Bro Installation and System Configuration
• A Walk Through Bro - Basic Usage, Configuration, and Tuning
• Overview of Bro's Scripting Language
• Advanced Scripting Topics: State Management, Debugging & Profiling, Asynchronous Code, and Signatures
• Bro Communication
• Overview of the Time Machine
• Pointers to Further Information, and Future Plans

Application and Deployment Examples:

• Bro as an IPS at LBNL
• Implementing the Bro Shell
• Custom Bro analysis at OSU

Exercises

• Basic Bro Operation
• Implementing a Simple Scan Detector
• Building a Profile of Local Network Services
• Application-layer IRC analysis
• Bro Communication
• Monitoring for Activity Fingerprints

The workshop's agenda page has some templates to help solving these exercises as well as a set of example solutions.