[Bro] Critical Stack requirements
monahbaki at gmail.com
Thu Jan 21 09:40:59 PST 2016
I subscribed to bambenekconsulting.com-DGA-Domains and the
master-public.bro.dat is 132MB in size.
I went with the most popular feed, I am open to suggestions as to what
feed to subscribe to. I am interested in CNC alerts and malicious sites.
We have a 150MB pipe to the internet and around 70 users in the office.
I am running 1 worker though.
On Thu, Jan 21, 2016 at 12:27 PM, Mike Dopheide <dopheide at gmail.com> wrote:
> How many CriticalStack feeds are you subscribing to and against how much
> bandwidth are you monitoring?
> I've heard a rough recommendation that anything more than 100k indicators
> can be pretty rough. We run with 90k against an average 1G traffic without
> any problems (14 workers).
> On Thu, Jan 21, 2016 at 11:19 AM, Monah Baki <monahbaki at gmail.com> wrote:
>> Hi all,
>> Running SecurityOnion and trying to implement Critical Stack with
>> Bro. Server running 24GB RAM; the system becomes unresponsive in 30
>> seconds. All memory and swap is utilized by then. Any documentation
>> that shows sizing of Bro and Critical Stack?
>> If I remove criticalstack from local.bro, it's back to normal.
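An added example, not part of the thread or of the Bro or Critical Stack code: a pre-load check that counts unique indicators per type in an Intel-format file such as master-public.bro.dat and compares the total with the rough 100k figure quoted above. It assumes the tab-separated Intel framework layout with a `#fields` header line; the function name, the constant and the sample rows are constructed for illustration.

```python
import sys
from collections import Counter

# Rough ceiling quoted in the thread; a rule of thumb, not a documented limit.
ROUGH_INDICATOR_CEILING = 100_000

def summarize_intel(lines, ceiling=ROUGH_INDICATOR_CEILING):
    """Count unique (indicator, type) pairs in Bro Intel-format lines."""
    fields, seen, per_type, malformed = None, set(), Counter(), 0
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line:
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]      # column names follow the tag
            continue
        if line.startswith("#"):               # other header/comment lines
            continue
        cols = line.split("\t")
        if fields is None or len(cols) != len(fields):
            malformed += 1                     # no header yet, or wrong width
            continue
        row = dict(zip(fields, cols))
        key = (row.get("indicator"), row.get("indicator_type"))
        if None in key:
            malformed += 1
            continue
        if key not in seen:                    # merged feeds repeat indicators
            seen.add(key)
            per_type[key[1]] += 1
    total = sum(per_type.values())
    return {"total": total, "per_type": dict(per_type),
            "malformed": malformed, "over_ceiling": total > ceiling}

# Constructed sample rows, not taken from any real feed.
SAMPLE = [
    "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc",
    "dga-one.example\tIntel::DOMAIN\tconstructed-feed\tsample",
    "dga-two.example\tIntel::DOMAIN\tconstructed-feed\tsample",
    "dga-one.example\tIntel::DOMAIN\tother-feed\tduplicate",
    "192.0.2.10\tIntel::ADDR\tconstructed-feed\tsample",
    "broken line without tabs",
]

if __name__ == "__main__":
    # Stream the file line by line so a large feed is never held in memory.
    with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
        print(summarize_intel(fh))
```

Run it with the path to the feed file as the only argument, before adding the feed to local.bro.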