Brostash

Linux distribution based on Debian and focusing on network security events collection. It comes with the following extra packages/tools:

• Zeek(Bro) IDS (version: 2.6.1): compiled with PF_RING support.

• PF_RING (version: 7.2.0): to speed up the packet processing.

• Filebeat (version: 6.6): for log shipping.

• Packetbeat (version: 6.6): for network data shipping. Lightweight optional replacement of Bro.

To deploy brostash on a rasberry pi or build an elastic cluster to store the generated logs, check the ansible playbooks in brostash-devops. Also the repository brostash-pipeline provides a collection of Logstash filters for different types of Bro logs.