BRO IDS

BRO IDS normalizes BRO IDS events and enables you to analyze BRO IDS data using pre-set dashboard views. You can further customize the dashboard and searches to perform in-depth analysis.

Release version: 5.0.0

Release Date: May 14, 2020

Supported On: Logpoint v6.0.0 and later

Download: BROIDS_5.0.0.pak

SHA256: 6ab239b07012788694140ad248db3df4bf375ea38ae21d1e1eaafa4923611a14

Package Details

It consists of the following components:

1. Dashboard Package
   
   • LP_Bro IDS
2. Normalization Package
   
   • LP_BRO IDS 

Enhancement

A minor update has been done in the application’s normalizer for better signature handling.

Installation 

1. Download the .pak file from the Download link above. 
2. Add the required BRO IDS as a device in Logpoint.
3. Create a collection policy with the Syslog collector and an appropriate processing policy.  
4. Assign the policy to the device.
5. Add the dashboard.

Supported Version

BRO IDS v2.5.x

Log Format

Expected Log Format

BRO IDS

Log Sample

t=1169xxxxx.xxxxx no=PortScan na=NOTICE_ALARM_ALWAYS sa=xxx.xxx.x.xxx sp=12345/tcp da=xxx.xxx.x.xxx dp=123/tcp msg=1.1.1.1\ has\ scanned\ xx\ ports\ of\ xxx.xxx.x.xxx tag=@x

To export data to Logpoint use the Syslog collector on port 514 on the Logpoint server.

Support

If you have any queries or require assistance, create a support ticket.

Best regards,