The Practice of Network Security Monitoring by Richard Bejtlich

Chapter 12. Extending SO

So far, we’ve been working with the default installation of SO. This chapter introduces a few ways to extend it. You just need to edit a few configuration files and download some external content to get more from your SO setup.

To move beyond the “stock” SO installation, we’ll look at three ways to leverage additional functionality provided by the Bro suite:

  • Use the MD5 hashes logged by Bro with the website VirusTotal or other third-party analysis engines.

  • Configure Bro to extract binaries from network traffic, so that you can submit those artifacts to third-party analysis engines.

  • Integrate external intelligence from Mandiant’s ...
