https://github.com/binorassocies/brostash

brostash: Linux distribution based on Debian and focusing on network security events collection
https://github.com/binorassocies/brostash

bro bro-ids debian elk filebeat linux linux-distribution packetbeat pf-ring security

Last synced: 24 days ago
JSON representation

brostash: Linux distribution based on Debian and focusing on network security events collection

• Host: GitHub
• URL: https://github.com/binorassocies/brostash
• Owner: binorassocies
• License: gpl-3.0
• Created: 2016-03-16T23:41:41.000Z (over 8 years ago)
• Default Branch: master
• Last Pushed: 2020-08-30T16:51:31.000Z (about 4 years ago)
• Last Synced: 2024-09-29T15:04:25.106Z (about 1 month ago)
• Topics: bro, bro-ids, debian, elk, filebeat, linux, linux-distribution, packetbeat, pf-ring, security
• Language: Shell
• Homepage:
• Size: 51.8 KB
• Stars: 34
• Watchers: 5
• Forks: 8
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# Brostash

Linux distribution based on Debian and focusing on network security events collection. It comes with the following extra packages/tools:

* [Zeek(Bro) IDS](https://www.zeek.org/) (version: 2.6.1): compiled with PF_RING support.

* [PF_RING](http://www.ntop.org/products/packet-capture/pf_ring/) (version: 7.2.0): to speed up the packet processing.

* [Filebeat](https://www.elastic.co/products/beats/filebeat) (version: 6.6): for log shipping.

* [Packetbeat](https://www.elastic.co/products/beats/packetbeat) (version: 6.6): for network data shipping. Lightweight optional replacement of Bro.

To deploy brostash on a rasberry pi or build an elastic cluster to store the generated logs, check the ansible playbooks in [brostash-devops](https://github.com/binorassocies/brostash-devops). Also the repository [brostash-pipeline](https://github.com/binorassocies/brostash-pipeline) provides a collection of Logstash filters for different types of Bro logs.