[Bro] Typical Bro use case

Mustafa Qasim alajal at gmail.com
Thu Mar 5 20:30:54 PST 2015


Hi,

I'm also exploring Bro to be used as a core traffic intel framework.
However, it's just a small single-server setup. I've picked the Security
Onion distro, so Snort is preconfigured and running with that. I would
also like to read complete case studies of other folks who've deployed it
into production.

------
*Mustafa Qasim*
GREM, GCFE



On Wed, Mar 4, 2015 at 12:12 AM, Jerome Taylor <jtaylor1024 at yahoo.com>
wrote:

> Hello all,
>
> I am an applications engineer at a small start-up company located just
> North of Boston MA. I have been tasked to explore Bro and to write a follow
> on case study. I am somewhat new to Bro. I have installed a small cluster
> and have been working with Bro for the past few months. I would like to
> find out how others in the Bro community are using Bro.
>
> For instance:
> 1. Do most people use Bro stand-alone or are you using it in
> conjunction with another IDP/IPS sensor such as Snort?
> 2. What does a typical setup look like in terms of equipment?
>    a. What does your engress network load look like (i.e. data rate,
>    traffic mix, etc.)?
>    b. How many cores are required to handle your traffic load/mix?
> 3. How are you processing the log files?
> 4. What is the ultimate problem that you are trying to solve?
>
> I am more than happy to share my findings thus far with any interested
> party. Ultimately, I would like to turn this into a presentation that I can
> share at the next BroCom.
>
> If it makes more sense for me to take these types of questions off-line
> then I will gladly do so. Again, I am very interested in finding out how
> the rest of the community is using Bro so please feel free to reach out to
> me. Thanks in advance.
>
> Regards,
> Jerome Taylor