[Bro] Bro vs NetFlow

Romig, Steven romig.1 at osu.edu
Sat Oct 5 15:00:33 PDT 2013


We use both, they're very complementary.  Detailed info from Bro, less so with netflow.  We collect netflow from our core routers and border fibers (using argus and indexing them live into Splunk), bro is just border and a few key places internally.  We're using snort also - why settle for less info when you can have more? :-)

--- Steve




More information about the Bro mailing list