[Bro] Bro vs NetFlow
Vlad Grigorescu
vladg at cmu.edu
Tue Oct 8 07:08:28 PDT 2013
On Oct 8, 2013, at 9:26 AM, Swan, Jay <jswan at sugf.com> wrote:
> I was mainly curious if anyone had managed to do away with NetFlow analysis through pervasive use of Bro. I didn't think that would likely be the case.
Carnegie Mellon has. We used NetFlow and Argus previously, but have replaced them with Bro. We do plan to deploy Time Machine[1] as well. While this isn't duplicating tools, having full PCAPs available complements Bro well.
--Vlad Grigorescu
Information Security Office
Carnegie Mellon University
[1] - <http://www.bro.org/community/time-machine.html>