[Bro] Yet Another Conference - like no other :)

Swan, Jay jswan at sugf.com
Mon Oct 21 07:20:58 PDT 2013

You mentioned that you're using Bro 2.2, though. Is that on a separate cluster or are you building 2.2 into a Security Onion install? If the latter, how do you manage that process? Seems like it would be complex.

From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of Michal Purzynski
Sent: Saturday, October 19, 2013 5:19 AM
To: Kristoffer Björk
Cc: bro at bro.org
Subject: Re: [Bro] Yet Another Conference - like no other :)

On 10/18/13 7:38 PM, Kristoffer Björk wrote:
Great presentation!
Do you use security onion for the bro & snort clusters or you installed it on vanilla linux/bsd boxes?

It's all Security Onion, tuned to our needs. That's the power of SO - it's so flexible you can enable/disable/change parts of it without impacting the rest. I can't imagine doing all the integration that SO does, myself. Technically doable, but -ENOTIME :)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131021/ab1a245d/attachment.html 

More information about the Bro mailing list