Menu

About
About

back
Research and Capabilities
Research and Capabilities

back
Publications
Publications

back
News and Events
News and Events

back
- News
- Events
- SEI Bulletin
Education and Outreach
Education and Outreach

back
Careers
Careers

back

Software Engineering Institute | Carnegie Mellon University

Software Engineering Institute | Carnegie Mellon University

SEI Menu
About
Research and Capabilities
Publications
News and Events
- News
- Events
- SEI Bulletin
Education and Outreach
Careers

Home Digital Library Minimizing the Gaps with Bro, GRR, and Elk (Brogrrelk)

Digital Library

Advanced Search

Advanced Search

Keywords Phrases

ISBN

Content Type

Annual Report
Article
Audio
Book Chapter
Book
Brochure
CERT Research Report
Collection
Conference Paper
Curriculum Module

Educational Material
Fact Sheet
Form
Handbook
Maturity Module
Newsletter
Podcast
Poster
Presentation
Security Improvement Module

Software
Special Report
Technical Note
Technical Report
User's Guide
Video
Webinar
White Paper

Subjects

Acquisition Support
Agile
Big Data
CERT/CC
CMMI
CSIRTs
Cloud Computing
Critical Infrastructure Protection
Cyber Risk and Resilience Management
Cyber-Physical Systems
Cybersecurity Engineering
DevOps
Digital Intelligence and Investigation
FloCon
Forensics
Governance
Incident Handling
Incident Management
Insider Threat
MERIT

Malware Analysis
Measurement and Analysis
Network Situational Awareness
OCTAVE
People CMM
Performance and Dependability
Pervasive Mobile Computing
Predictability by Construction
Privacy
Process Improvement
Research Review
Resilience Management Model (RMM)
Risk Assessment
Risk and Opportunity Management
SATURN
SQUARE
Science of Cybersecurity
Secure Coding
Security Training
Service-Oriented Architecture

Smart Grid Maturity Model
Software Architecture
Software Assurance
Software Product Lines
Software Solutions Symposium
Supply Chain Assurance
Survivability Analysis Framework (SAF)
Survivability and Information Assurance (SIA)
System of Systems
TSP
TSP Symposium
Technical Debt
Technical Debt Workshop
Threat
Ultra-Large-Scale Systems
Vulnerability Analysis
Workforce Development

Publication Date

From:

To:

Presentation

Minimizing the Gaps with Bro, GRR, and Elk (Brogrrelk)

January 2016
By David Zito (Northrop Grumman Information Systems)
The presentation describes a solution that allows incident responders to conduct multiple data collection tasks from one platform.
Network Situational AwarenessNetwork Situational Awareness
Publisher: CERT

Abstract

This presentation, given at FloCon 2016, describes a solution that allows incident responders to conduct both host-based triage and network flow/pcap data collections, processes the data, and presents it to an incident responder, all from one platform. GRR collects data from the hosts, Bro captures data from the network, and ELK visualizes the data for incident responders.
Download

Ask a question about this Presentation

Part of a Collection

FloCon 2016 Presentations

Desktop View

Carnegie Mellon University
Software Engineering Institute
4500 Fifth Avenue
Pittsburgh, PA 15213-2612
412-268-5800

Terms of Use | Privacy Statement | Intellectual Property
© 2019 Carnegie Mellon University