Minimizing the Gaps with Bro, GRR, and ELK (Brogrrelk)
January 2016 • Presentation
David Zito (Northrop Grumman Information Systems)
The presentation describes a solution that allows incident responders to conduct multiple data collection tasks from one platform.
Abstract
This presentation, given at FloCon 2016, describes a solution that lets incident responders perform both host-based triage and network flow/pcap data collection, then processes the collected data and presents it to the responder, all from one platform. GRR collects data from the hosts, Bro captures data from the network, and ELK visualizes the combined data for incident responders.