sonofagl1tch / AWSDetonationLab

This script is used to generate some basic detections of the aws security services
Apache License 2.0

add bro visibility to detlab #41

Open sonofagl1tch opened 5 years ago

sonofagl1tch commented 5 years ago

Currently, network visibility is pretty weak. So I want to add bro and suricata/snort to my detlab.

https://github.com/Security-Onion-Solutions/security-onion/wiki/CloudClient

sonofagl1tch commented 5 years ago

After some research, it appears that bro does not support windows. This means that we cannot install bro sensors on each endpoint in the network for granular visibility of network traffic. My next idea is to look into the possibility of creating a TAP for the detlab VPC and hooking a system running BRO off of that TAP.