[Bro] Typical Bro use case
Mustafa Qasim
alajal at gmail.com
Thu Mar 5 20:30:54 PST 2015
Hi,
I'm also exploring Bro to be used as a core traffic intel framework.
However, it's just a small single-server setup. I've picked the Security
Onion distro, so Snort is preconfigured and running with that. I would
also like to read complete case studies of other folks who've deployed it
into production.
------
*Mustafa Qasim*
GREM, GCFE
On Wed, Mar 4, 2015 at 12:12 AM, Jerome Taylor <jtaylor1024 at yahoo.com>
wrote:
> Hello all,
>
> I am an applications engineer at a small start-up company located just
> North of Boston MA. I have been tasked to explore Bro and to write a follow
> on case study. I am somewhat new to Bro. I have installed a small cluster
> and have been working with Bro for the past few months. I would like to
> find out how others in the Bro community are using Bro.
>
> For instance:
> 1. Do most people use Bro stand-alone or are you using it in
> conjunction with another IDP/IPS sensor such as Snort
> 2. What does a typical setup look like in terms of equipment
> a. What does your engress network load look like (i.e. data rate,
> traffic mix, etc.)
> b. How many cores are required to handle your traffic load/mix
> 3. How are you processing the log files
> 4. What is the ultimate problem that you are trying to solve
>
> I am more than happy to share my findings thus far with any interested
> party. Ultimately, I would like to turn this into a presentation that I can
> share at the next BroCom.
>
> If it makes more sense for me to take these types of questions off-line
> then I will gladly do so. Again, I am very interested in finding out how
> the rest of the community is using Bro so please feel free to reach out to
> me. Thanks in advance.
>
> Regards,
> Jerome Taylor