Logo
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Marketplace

BRO IDS

Avatar Permanently deleted user
December 11, 2024 09:18
Follow
app-115004626709.png

BRO IDS normalizes BRO IDS events and enables you to analyze BRO IDS data using pre-set dashboard views. You can further customize the dashboard and searches to perform in-depth analysis.

Release version: 5.0.0

Release Date: May 14, 2020

Supported On: Logpoint v6.0.0 and later

Download: BROIDS_5.0.0.pak

SHA256: 6ab239b07012788694140ad248db3df4bf375ea38ae21d1e1eaafa4923611a14

Package Details

It consists of the following components:

  1. Dashboard Package
    • LP_Bro IDS
  2. Normalization Package
    • LP_BRO IDS 

Enhancement

A minor update has been done in the application’s normalizer for better signature handling.

Installation 

  1. Download the .pak file from the Download link above. 
  2. Add the required BRO IDS as a device in Logpoint.
  3. Create a collection policy with the Syslog collector and an appropriate processing policy.  
  4. Assign the policy to the device.
  5. Add the dashboard.

Supported Version

BRO IDS v2.5.x

Log Format

Expected Log Format

BRO IDS

Log Sample

t=1169xxxxx.xxxxx no=PortScan na=NOTICE_ALARM_ALWAYS sa=xxx.xxx.x.xxx sp=12345/tcp da=xxx.xxx.x.xxx dp=123/tcp msg=1.1.1.1\ has\ scanned\ xx\ ports\ of\ xxx.xxx.x.xxx tag=@x

To export data to Logpoint use the Syslog collector on port 514 on the Logpoint server.

Support

If you have any queries or require assistance, create a support ticket.

Best regards,
Logo_Dark.png

Comments

Article is closed for comments.

Related articles

  • Broadcom
  • Carbon Black
  • Citrix
  • NetFlow Collector
  • FortiGate
Was this article helpful?
0 out of 0 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.

Note: We use cookies that are essential for the smooth functioning of our website.