Linux distribution based on Debian, focused on collecting network security events. It comes with the following extra packages/tools:

- Zeek (Bro) IDS (version 2.6.1): compiled with PF_RING support.
- PF_RING (version 7.2.0): to speed up packet processing.
- Filebeat (version 6.6): for log shipping.
- Packetbeat (version 6.6): for network data shipping; a lightweight optional replacement for Bro.
To deploy brostash on a Raspberry Pi, or to build an Elastic cluster to store the generated logs, see the Ansible playbooks in brostash-devops. The brostash-pipeline repository provides a collection of Logstash filters for the different types of Bro logs.
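Those Logstash filters have to undo Bro's TSV framing before the records are useful in Elastic. As an added illustration in Python (not code from brostash-pipeline or the Zeek project), the parser below reads the `#separator`, `#fields` and `#types` header lines of a Zeek log, types each column accordingly, and maps unset fields to null; `SAMPLE_CONN_LOG` is a constructed conn.log excerpt.

```python
# Constructed sample in Zeek/Bro's default TSV log format; not from brostash.
SAMPLE_CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount
1554720000.123456\tCabc123\t10.0.0.5\t51234\t192.0.2.10\t443\ttcp\tssl\t0.25\t1024
1554720001.000000\tCdef456\t10.0.0.6\t53211\t192.0.2.20\t80\ttcp\t-\t-\t-
#close\t2019-04-08-12-00-00
"""


def convert(val, typ, opts):
    """Map one field to a JSON-friendly value according to its Zeek type."""
    if val == opts["#unset_field"]:
        return None                                  # '-' becomes null
    if typ.startswith(("set[", "vector[")):
        inner = typ[typ.index("[") + 1:-1]
        if val == opts["#empty_field"]:
            return []
        return [convert(v, inner, opts) for v in val.split(opts["#set_separator"])]
    if typ in ("count", "int", "port"):
        return int(val)
    if typ in ("time", "interval", "double"):
        return float(val)
    if typ == "bool":
        return val == "T"
    return val                                       # string, addr, enum, ...


def parse_zeek_log(text):
    """Yield one dict per record, driven by the #fields/#types header lines."""
    sep = "\t"
    opts = {"#set_separator": ",", "#empty_field": "(empty)", "#unset_field": "-"}
    fields, types = [], []
    for raw in text.splitlines():
        if raw.startswith("#separator "):            # e.g. '#separator \x09'
            sep = raw.split(" ", 1)[1].encode().decode("unicode_escape")
        elif raw.startswith("#"):
            key, _, value = raw.partition(sep)
            if key == "#fields":
                fields = value.split(sep)
            elif key == "#types":
                types = value.split(sep)
            elif key in opts:                        # #path/#open/#close ignored
                opts[key] = value
        elif raw:
            values = raw.split(sep)
            yield {n: convert(v, t, opts) for n, t, v in zip(fields, types, values)}
```

Each yielded dict is the shape a shipper such as Filebeat would forward once the TSV has been turned into structured fields.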