I need someone to create a search script, ideally using elastalert but not necessary, to tell me if there was any data exchange between src_ip that are flagged as compromised and the LAN. Here is the structure:
src_ip is in the bro_connlog type and contains bytes_transfered;
src_ip in bro_intel contains compromised_host but has no bytes_transfered field; this is by design of the Bro IDS.
In SQL terms, I would join bro_connlog and bro_intel, show which src_ip are in both, then show which src_ip have transferred data to compromised_host (seen intel).
Then email the results with a link to Kibana.
You would give me either an elastalert rule or some sort of script that can be run from the command line on Linux.
I am also looking for Elastic/Bro to engage in ongoing work with constant tasks like this and larger.
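The join described in the post, as an added worked example (not code from the poster or from any bidder): two constructed document sets stand in for the bro_intel and bro_connlog indices, the script keeps only LAN hosts that the intel log saw talking to a compromised_host, sums bytes_transfered over the matching conn records, drops pairs with no payload, and builds a report line with a Kibana link and an email body. Field names (src_ip, dest_ip, bytes_transfered, compromised_host) follow the post; the sample IPs, the Kibana URL pattern and the email addresses are assumptions, and in a real deployment the two document lists would come from Elasticsearch queries against the two types.

```python
"""Join Bro conn.log and intel.log records by src_ip and report bytes exchanged
with hosts flagged as compromised. Field names follow the job post; the
sample documents, Kibana URL and mail addresses are constructed placeholders."""
import ipaddress
from collections import defaultdict
from email.message import EmailMessage
from urllib.parse import quote

# Constructed sample documents standing in for the bro_intel type:
# an internal src_ip was seen contacting a host listed in an intel feed.
INTEL_DOCS = [
    {"src_ip": "10.0.0.5", "compromised_host": "203.0.113.7", "sources": "feed-a"},
    {"src_ip": "10.0.0.9", "compromised_host": "198.51.100.23", "sources": "feed-b"},
    {"src_ip": "10.0.0.5", "compromised_host": "203.0.113.7", "sources": "feed-c"},
]

# Constructed sample documents standing in for the bro_connlog type.
CONN_DOCS = [
    {"src_ip": "10.0.0.5", "dest_ip": "203.0.113.7", "bytes_transfered": 1500},
    {"src_ip": "10.0.0.5", "dest_ip": "203.0.113.7", "bytes_transfered": 0},       # handshake only
    {"src_ip": "10.0.0.5", "dest_ip": "93.184.216.34", "bytes_transfered": 4096},  # not flagged
    {"src_ip": "10.0.0.9", "dest_ip": "198.51.100.23", "bytes_transfered": 0},     # flagged, no payload
    {"src_ip": "172.16.4.2", "dest_ip": "203.0.113.7", "bytes_transfered": 900},   # absent from intel
]


def is_lan(ip):
    """RFC 1918 / private address check for the LAN side of the join."""
    return ipaddress.ip_address(ip).is_private


def flagged_pairs(intel_docs):
    """Distinct (src_ip, compromised_host) pairs from the intel type, LAN hosts only."""
    return {(d["src_ip"], d["compromised_host"]) for d in intel_docs if is_lan(d["src_ip"])}


def join_transfers(conn_docs, intel_docs):
    """The SQL-style join: conn records whose (src_ip, dest_ip) matches a flagged
    pair are aggregated; pairs whose total bytes_transfered is zero are dropped,
    since the question is whether data was actually exchanged."""
    pairs = flagged_pairs(intel_docs)
    totals = defaultdict(lambda: {"connections": 0, "bytes": 0})
    for doc in conn_docs:
        key = (doc["src_ip"], doc["dest_ip"])
        if key in pairs:
            totals[key]["connections"] += 1
            totals[key]["bytes"] += int(doc.get("bytes_transfered", 0))
    return {k: v for k, v in totals.items() if v["bytes"] > 0}


def kibana_link(src_ip, dest_ip, base="http://kibana.example.invalid/app/kibana#/discover"):
    """Assumed Kibana Discover URL pattern; adjust to the deployment's Kibana version."""
    query = f'src_ip:"{src_ip}" AND dest_ip:"{dest_ip}"'
    return f"{base}?_a=(query:(query_string:(query:'{quote(query)}')))"


def report(conn_docs, intel_docs):
    """One line per LAN host that moved bytes to a compromised host."""
    rows = []
    for (src, dst), stats in sorted(join_transfers(conn_docs, intel_docs).items()):
        rows.append(f"{src} -> {dst}: {stats['connections']} conn, "
                    f"{stats['bytes']} bytes  {kibana_link(src, dst)}")
    return rows


def build_email(rows, sender="bro-alerts@example.invalid", to="soc@example.invalid"):
    """Assemble the alert mail; hand the result to smtplib.SMTP.send_message()."""
    msg = EmailMessage()
    msg["Subject"] = f"[bro] {len(rows)} LAN host(s) exchanged data with compromised hosts"
    msg["From"], msg["To"] = sender, to
    msg.set_content("\n".join(rows) if rows else "No matching transfers.")
    return msg


if __name__ == "__main__":
    for line in report(CONN_DOCS, INTEL_DOCS):
        print(line)
```

Against the constructed data only 10.0.0.5 is reported: 10.0.0.9 appears in both types but moved no bytes, and 172.16.4.2 moved bytes to a listed host but never appeared in the intel type, which is exactly the inner-join semantics the post asks for. As an elastalert rule this would need the intel pairs fetched first and then a `terms`-style filter over bro_connlog, since elastalert has no cross-index join of its own.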
Dear Prospective Hiring Manager,
Thank you for giving me a chance to bid on your project. I am a serious bidder here and I have already worked on a similar project before and can deliver as you have mentioned.
I have checked your requirements. I have the right skills to work on this assignment.
My award = superb result = happy client. In a good partnership, good results happen. Good cooking makes good eating! We consider our client as our partner.
Can you provide your email or Skype etc. for further discussion about the project?
I am ready to discuss with you.
With best regards,