Since most cyber attacks cross the network and hosts themselves can be compromised, threat hunters and incident responders typically rely on network data as a vital source of truth, to reconstruct what really happened (or is happening now) in their environment. '
Unfortunately, common sources of network data such as NetFlow, DNS server logs, and PCAP have limitations. Some are too expensive to store and difficult to search at scale (e.g. PCAP), while others contain minimal information and leave critical questions unanswered (e.g. NetFlow).
Between these two extremes lies a perfect middle ground: the compact, actionable data generated by the open-source network monitoring platform 'Bro '. Bro produces rich and highly-organized logs that summarize events on the wire comprehensively, in a format designed by and for security professionals. Bro provides much of the network context of PCAP, but with NetFlow-like usability.
Register for this technical webcast to hear from Greg Bell, CEO of Corelight, and SANS Instructor Matt Bromiley about their frontline experience with Bro - and to learn about five unique ways that Bro empowers incident responders and threat hunters to get their work done faster and more effectively.