icon-carat-right menu search cmu-wordmark
Carnegie Mellon University

Minimizing the Gaps with Bro, GRR, and Elk (Brogrrelk)

Presentation
By
The presentation describes a solution that allows incident responders to conduct multiple data collection tasks from one platform.
Publisher

Software Engineering Institute

Topic or Tag

Abstract

This presentation, given at FloCon 2016, describes a solution that allows incident responders to conduct both host-based triage and network flow/pcap data collections, processes the data, and presents it to an incident responder, all from one platform. GRR collects data from the hosts, Bro captures data from the network, and ELK visualizes the data for incident responders.

SHARE
Download PDF
Part of a Collection

FloCon 2016 Presentations
Ask a question about this Presentation

This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.