This is a collection of Bro and bash scripts that, when run from the same directory on a Linux distro with Bro installed, pull information such as active HTTP connections, FTP connections, DNS requests/responses, and a live (-20 seconds) feed of files transmitted. It also carves the various types of files at the same time. The scripts can be run against Snort logs or pcaps. Each section is displayed on the terminal in a different color. Written by @realSlacker007. If you have any questions, or suggestions for additions to this script, send an email or leave a comment at slacker007@cybersyndicates.com.
GitHub - slacker007/Bro-NetworkSecurityMonitoring