> On Feb 3, 2015, at 6:23 PM, Robin Sommer <[email protected]> wrote:
>
> Out of a discussion with Seth and Vlad this morning, I put together a
> project description for integrating Bro with osquery as a host-based
> sensor, using Broker for communication.
>
> https://www.bro.org/development/projects/osquery.html

That’s a really nice summary. Thanks! Also, I spent a bit of time digging through the osquery source yesterday and it looks like it’s possible with the API they expose to submit new queries into osqueryd dynamically so that we could just start up osqueryd and Bro would send over all of the queries that we would like the host to run.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
