[Bro] several questions for introducing Bro to commercial system

iitsukas at nttdata.co.jp iitsukas at nttdata.co.jp
Mon Mar 6 01:45:21 PST 2017


I am trying to introduce Bro to an enterprise system for security enhancement purposes.

I have several questions. Could you please answer the following questions?

1. Bro stores captured data in XXX.log files (XXX is http, for example). In this case, how much data does Haka store in the local file system per transaction? If you have any reference data, please let me know.

2. When the machine on which Bro was introduced has broken and been fixed, is it possible to continue the process (the packet capturing process and the process of storing data into the local file system) using the fixed machine without any problems?

3. What is the market share in the network forensic domain?

Best regards,
Satoshi Iitsuka