[Bro] Typical Bro use case

Mustafa Qasim alajal at gmail.com
Thu Mar 5 20:30:54 PST 2015


I'm also exploring Bro to be used as a core traffic intel framework.
However, it's just a small single-server setup. I've picked the Security
Onion distro, so Snort is preconfigured and running with that. I would
also like to read complete case studies of other folks who've deployed it
into production.

*Mustafa Qasim*

On Wed, Mar 4, 2015 at 12:12 AM, Jerome Taylor <jtaylor1024 at yahoo.com>

> Hello all,
> I am an applications engineer at a small start-up company located just
> North of Boston MA. I have been tasked to explore Bro and to write a follow
> on case study. I am somewhat new to Bro. I have installed a small cluster
> and have been working with Bro for the past few months. I would like to
> find out how others in the Bro community are using Bro.
> For instance:
> 1. Do most people use Bro stand-alone or are you using it in
> conjunction with another IDP/IPS sensor such as Snort?
> 2. What does a typical setup look like in terms of equipment?
>    a. What does your engress network load look like (i.e. data rate,
>    traffic mix, etc.)?
>    b. How many cores are required to handle your traffic load/mix?
> 3. How are you processing the log files?
> 4. What is the ultimate problem that you are trying to solve?
> I am more than happy to share my findings thus far with any interested
> party. Ultimately, I would like to turn this into a presentation that I can
> share at the next BroCom.
> If it makes more sense for me to take these types of questions off-line
> then I will gladly do so. Again, I am very interested in finding out how
> the rest of the community is using Bro so please feel free to reach out to
> me. Thanks in advance.
> Regards,
> Jerome Taylor
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro