[Bro] Typical Bro use case
alajal at gmail.com
Thu Mar 5 20:30:54 PST 2015
I'm also exploring Bro to be used as a core traffic intel framework.
However, it's just a small single-server setup. I've picked the Security
Onion distro, so Snort is preconfigured and running with that. I would
also like to read complete case studies of other folks who've deployed it
On Wed, Mar 4, 2015 at 12:12 AM, Jerome Taylor <jtaylor1024 at yahoo.com> wrote:
> Hello all,
> I am an applications engineer at a small start-up company located just
> North of Boston MA. I have been tasked to explore Bro and to write a follow
> on case study. I am somewhat new to Bro. I have installed a small cluster
> and have been working with Bro for the past few months. I would like to
> find out how others in the Bro community are using Bro.
> For instance:
> 1. Do most people use Bro stand-alone or are you using it in
>    conjunction with another IDP/IPS sensor such as Snort?
> 2. What does a typical setup look like in terms of equipment?
>    a. What does your engress network load look like (i.e. data rate,
>       traffic mix, etc.)?
>    b. How many cores are required to handle your traffic load/mix?
> 3. How are you processing the log files?
> 4. What is the ultimate problem that you are trying to solve?
> I am more than happy to share my findings thus far with any interested
> party. Ultimately, I would like to turn this into a presentation that I can
> share at the next BroCom.
> If it makes more sense for me to take these types of questions off-line
> then I will gladly do so. Again, I am very interested in finding out how
> the rest of the community is using Bro so please feel free to reach out to
> me. Thanks in advance.
> Jerome Taylor