Software Engineering Institute

Minimizing the Gaps with Bro, GRR, and Elk (Brogrrelk)

January 14, 2016 • Presentation

By

David Zito (Northrop Grumman Information Systems)

The presentation describes a solution that allows incident responders to conduct multiple data collection tasks from one platform.

Publisher

Software Engineering Institute

Subjects

Flocon Situational Awareness

Abstract

This presentation, given at FloCon 2016, describes a solution that allows incident responders to conduct both host-based triage and network flow/pcap data collections, processes the data, and presents it to an incident responder, all from one platform. GRR collects data from the hosts, Bro captures data from the network, and ELK visualizes the data for incident responders.

Download PDF

Part of a Collection

FloCon 2016 Presentations

Ask a question about this Presentation

This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.

Software Engineering Institute

Minimizing the Gaps with Bro, GRR, and Elk (Brogrrelk)

January 14, 2016 • Presentation

By David Zito (Northrop Grumman Information Systems)

Publisher

Subjects

Abstract

SHARE

Part of a Collection

By

David Zito (Northrop Grumman Information Systems)