[Bro] Bro vs NetFlow

Vlad Grigorescu vladg at cmu.edu
Tue Oct 8 07:08:28 PDT 2013

On Oct 8, 2013, at 9:26 AM, Swan, Jay <jswan at sugf.com> wrote:

> I was mainly curious if anyone had managed to do away with NetFlow analysis through pervasive use of Bro. I didn't think that would likely be the case.

Carnegie Mellon has. We used Netflow and Argus previously, but have replaced them with Bro. We do plan to deploy Time Machine[1] as well. While this isn't duplicating tools, having full PCAPs available complements Bro well.

  --Vlad Grigorescu
    Information Security Office
    Carnegie Mellon University

[1] - <http://www.bro.org/community/time-machine.html>

More information about the Bro mailing list