So far, we’ve been working with the default installation of SO. This chapter introduces a few ways to extend it. You just need to edit a few configuration files and download some external content to get more from your SO setup.
To move beyond the “stock” SO installation, we’ll look at three ways to leverage additional functionality provided by the Bro suite:
Use the MD5 hashes logged by Bro with the website VirusTotal or other third-party analysis engines.
Configure Bro to extract binaries from network traffic, so that you can submit those artifacts to third-party analysis engines.
Integrate external intelligence from Mandiant’s ...