[Bro] Bro vs NetFlow
vladg at cmu.edu
Tue Oct 8 07:08:28 PDT 2013
On Oct 8, 2013, at 9:26 AM, Swan, Jay <jswan at sugf.com> wrote:
> I was mainly curious if anyone had managed to do away with NetFlow analysis through pervasive use of Bro. I didn't think that would likely be the case.
Carnegie Mellon has. We used Netflow and Argus previously, but have replaced them with Bro. We do plan to deploy Time Machine as well. While this isn't duplicating tools, having full PCAPs available complements Bro well.
Information Security Office
Carnegie Mellon University
 - <http://www.bro.org/community/time-machine.html>
More information about the Bro