Wednesday, September 21, 2016

Bro News #7

Welcome to the Bro newsletter #7. This time we cover the following topics:
  • Bro Events.
  • Bro Commits: Bro v2.5 beta is here. Get your newest Bro with new features and improvements.
  • Bro Internals: Give Bro a future, join the Future Fund.

Bro Events

BroCon 2016

BroCon 2016 was hosted by TACC in Austin, Texas. With about 20 hours of talks over two and a half days, we heard from Bro team members about the newest developments, along with low-level practical talks to improve everyday work life and high-level research talks. The new SMB analyzer seems to have had the most impact on the user community. You can read all about it here.

We hear you: In our post-conference attendee survey, over 90% of respondents said they liked the topics, and over 95% said they liked the way those topics were presented. Overall, we appreciate all of the feedback that we received, and while we were blown away by the overwhelmingly positive response, perhaps even more important to us are the opportunities for making BroCon even better. We'll keep all of the feedback in mind as we start the process of preparing for BroCon 2017. We had a few comments regarding the lack of talks discussing incident response. If those types of talks interest you, please consider attending Bro4Pros 2017, as that event tends to have more talks about "life in the trenches."

NSF Cybersecurity Summit 2016

Bro held a one-day workshop at the NSF Cybersecurity Summit 2016.

Bro Commits: Bro 2.5 beta is here!

Bro 2.5 beta has been released. Here is a brief summary of some of the new features and improvements:

  • Bro now includes the NetControl framework. This framework allows easy interaction with hard- and software switches, firewalls, etc. 
  • Support for the SMB protocol (SMB1 and SMB2), including GSSAPI and NTLM.
  • Support for the remote framebuffer protocol (RFB), which is used by VNC servers for remote graphical display.
  • The Intelligence framework was refactored and extended. It now supports, for example, subnet indicators and item deletion/expiration.

Binary packages of the beta are also available. See NEWS for preliminary release notes and CHANGES for the exhaustive commit list. Feedback is encouraged and should be sent to the Bro mailing list. As previously stated, we do not recommend using a beta release for production use.

Bro Internals: Give Bro a future, join the Future Fund.

Bro's future depends on all of you. The Bro community is a wonderful mix of different personalities and skill sets. Many of them will answer all Bro-related questions in our IRC channel #bro on Freenode, and for a while now also in our Bro channel on Gitter. Others contribute to the development of Bro. We want to thank everyone who contributes to Bro in any way. We also would like to send out a call to join the Bro Future Fund, so we can continue all the work that cannot be done by volunteers alone. If you appreciate Bro in your daily work and think your company or organization truly benefits from it, consider a donation to help us keep up the work.

In that spirit, Corelight (formerly known as Broala) announced a donation of $100,000 at BroCon 2016. Thank you, Corelight!

Thursday, August 18, 2016

Bro 2.5 Beta

We are happy to announce the beta of Bro v2.5 is available for download! Here is a brief summary of some of the new features and improvements:
  • Bro now includes the NetControl framework. This framework allows easy interaction with hard- and software switches, firewalls, etc. 
  • Support for the SMB protocol (SMB1 and SMB2), including GSSAPI and NTLM.
  • Support for the remote framebuffer protocol (RFB), which is used by VNC servers for remote graphical display.
  • The Intelligence framework was refactored and extended. It now supports, for example, subnet indicators and item deletion/expiration.

Binary packages of the beta are also available.

See NEWS for preliminary release notes and CHANGES for the exhaustive commit list.

Feedback is encouraged and should be sent to the Bro mailing list. As previously stated, we do not recommend using a beta release for production use.

Thursday, July 14, 2016

@Bro_IDS: Your Bro News Feed

Since we created the Bro Twitter account @Bro_IDS in 2011, the channel has turned into one of the most effective ways for reaching out to the Bro community. Every Tweet now reaches more than 5000 followers and counting.

While @Bro_IDS serves us as a microphone for our own updates, we have also always been liberal with retweeting news from the broader Bro community, hoping to help create visibility for Bro’s diverse user population around the world. However, with the tremendous audience that @Bro_IDS is now reaching, there comes responsibility, too. To ensure that the @Bro_IDS team’s decisions remain fair and transparent, the Bro Leadership Team has recently devised a set of guidelines for the account that we would like to share.

Overall, we see @Bro_IDS as serving as a distributor of news related to Bro, covering activity from both the Bro Project itself as well as from the broader community. For the project’s own messages, we may tweet about recent developments, events that the team’s involved with, or external pointers that we deem interesting. As a general rule, if a Tweet originates from @Bro_IDS, it represents the voice of the project.

We use a different policy when retweeting from the community. Generally, we are happy to retweet Bro-related news from users and organizations; just make sure to include @Bro_IDS in your Tweet so that we will see it. This does explicitly include corporate announcements—we are happy to provide visibility for, e.g., products and services, or relevant job postings, as long as they involve a substantial Bro component. However, @Bro_IDS does not endorse external organizations or content. When we retweet, we do so from a neutral perspective, and without judgement.

Our rules for deciding what to retweet are pretty straightforward: the Tweet must be directly related to Bro; it must not substantially overlap with anything we have already passed on recently; and it must not create the impression, directly or indirectly, that the Bro Project would endorse the content. As an exception, for non-commercial activity we may occasionally also forward news that’s not directly Bro-centric if it still appears relevant to a large part of the Bro community; examples would be the newest OpenSSL vulnerability, or an interesting research paper in the space. We usually do not retweet follow-up conversations unless there’s significant additional information that warrants an update on its own.

We believe that through this policy, @Bro_IDS can serve the Bro community as a valuable, fair source of news. To receive all the updates, make sure to follow @Bro_IDS. If you want to reach the Bro community for your announcement, include @Bro_IDS in your Tweet.

The Bro Team

Saturday, June 4, 2016

BroCon ’16 CFP deadline extended to June 10th

Bro Community,

We are extending the BroCon ’16 call for presentations deadline to Friday, June 10th. For more information about the CFP, see our blog post. And don't forget to register!

See you in September,

The Bro Project

Friday, May 27, 2016

Reminder: Upgrade your Bro installation! Stability updates in 2.4.1

Bro 2.5 is not far away, but in the meantime you should upgrade to Bro 2.4.1. This is the latest stable release. If you are running 2.4, the upgrade to 2.4.1 won't break your config. This release contains important fixes without changing Bro's functionality.
Not sure which version you are running? 'bro --version' will tell you.

Check the change log here.

Monday, May 23, 2016

Reminder: BroCon ’16 CFP ends Friday June 3rd

Interested in presenting at BroCon ’16 this year? Our call for presentations ends Friday, June 3rd.

We are looking for talks to represent the many applications of Bro. Suitable topics include, but are not limited to:
  • Bro as a tool for solving problems;
  • interesting user stories, solutions, or research projects;
  • a postmortem analysis of a security incident, emphasizing Bro’s contribution;
  • the value Bro brings to your professional work;
  • and, using Bro for more than intrusion detection.
Criteria for evaluating proposals include whether the topic is applicable to multiple types of organizations, gives people ideas to take home and use, can be understood by a broad audience, or is novel to many in the audience. Scrolling through our YouTube Channel may provide some insight into the types of presentations we wish to feature. Plan on limiting your talk to 30-35 minutes with an additional 10 minutes for questions/comments.

Send abstracts (max 500 words) to: info@bro.org
Subject: BroCon 2016 Call for Presentations
Submission due date: Friday, June 3rd
Target date for announcing speakers: Friday, July 1st

Proposals are selected by the Bro Leadership Team:
  • Seth Hall, International Computer Science Institute
  • Keith Lehigh, Indiana University
  • Vern Paxson, University of California at Berkeley / International Computer Science Institute
  • Michal Purzynski, Mozilla Foundation
  • Aashish Sharma, Lawrence Berkeley Lab
  • Adam Slagell, National Center for Supercomputing Applications
  • Robin Sommer, International Computer Science Institute

Tuesday, May 17, 2016

Talk to us! - The Bro team's communication channels

Bro is now more than 20 years old. The community has grown in size and diversity. In response, we made some changes to the ways the Bro community can communicate with us.

Gitter


We are currently testing Gitter, a chat system designed for developers. Please join the Bro channel. You can browse to it at gitter.im/bro/bro, download the native apps, or connect via IRC. Currently, we have a Bro room and Broker room. We're looking forward to seeing you there! The test will go on for a couple more weeks. Please give feedback in Gitter or to info@bro.org about this.

IRC


Our IRC channel #bro on Freenode is the well-established chat where many members of the community, as well as some Bro developers, answer questions.

The Bro Mailing Lists


We also will continue to maintain our mailing lists. The most important ones are bro@bro.org, bro-announce@bro.org, and bro-dev@bro.org.

bro@bro.org is our general user mailing list. If you prefer mail over chat, this should be your first address whenever you get stuck using Bro or want to understand something. Experienced Bro users and members of Bro's developer team answer on this list.

bro-announce@bro.org is a low-traffic mailing list used to announce Bro events, code releases, and other important news.

bro-dev@bro.org is the mailing list you should subscribe to if you want to follow or participate in discussions on Bro's future from a developer perspective. On this list we discuss design and feature decisions, and also how to resolve problems and bugs. We recently moved automated mails from our ticket system away from this list to reduce the noise. The immediate effect was an increase in productive discussions.

Twitter


Our Twitter channel is @Bro_IDS. This is our channel for quick and short news, too small for bro-announce or a blog post.

Bro Community and other ways to reach us


More options to listen or talk to us are listed on our Community page.
If you need to talk to us in private about logistics, donation offers, or other special requests, you can write to info@bro.org.

A little reminder and request to the community: As an open source project, the Bro team tries to help wherever possible with using and developing Bro. Please send technical questions to one of the mailing lists, though, not to info@bro.org. That way the broader Bro community gets a chance to chime in as well, and everybody will benefit from any responses.

The Bro User Community


We want to take this opportunity to thank all our users and contributors! Please keep talking to us.