[Bro] Bro vs NetFlow
Slagell, Adam J
slagell at illinois.edu
Tue Oct 8 06:36:44 PDT 2013
Even at the NCSA, with our strong use of Bro, we record and utilize netflows. Part of it is because we have tools and infrastructure in place to quickly search NetFlows. Part of it is because all our routers give us NetFlows, giving us some views of internal traffic that Bro sensors will never see.
It really isn't an either-or case for us.
On Oct 8, 2013, at 8:26 AM, "Swan, Jay" <jswan at sugf.com>
wrote:
> I probably screwed up by titling the thread Bro *versus* NetFlow... I was mainly curious if anyone had managed to do away with NetFlow analysis through pervasive use of Bro. I didn't think that would likely be the case.
------
Adam J. Slagell
Chief Information Security Officer
Sr. Research Scientist
National Center for Supercomputing Applications
University of Illinois at Urbana-Champaign
www.slagell.info
"Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure."
More information about the Bro
mailing list