Last Day to Get an iPad Air with Smart Keyboard, or Surface Go, or $300 Off with OnDemand or vLive Training through Today Only!


To attend this webcast, login to your SANS Account or create your Account.

A day in the life doing incident response without Bro. And how it could be so much better.

  • Tuesday, November 14th, 2017 at 1:00 PM EST (18:00:00 UTC)
  • Vincent Stoffer and Matt Bromiley
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • Corelight

You can now attend the webcast using your mobile device!


As an incident responder or network security professional, you are no doubt familiar with Netflow, PCAP, Suricata and other tools that give you the information you need to investigate and respond to threats. But are you familiar with Bro and how it could completely change your approach to incident response and threat hunting?

In this SANS Expert webinar, Vincent Stoffer, Director of Customer Solutions at Corelight, will discuss his personal experiences when he was an incident responder at an organization that was not using Bro, and how his approach & results completely changed once he incorporated the power of Bro into his arsenal.

Speaker Bios

Vincent Stoffer

Vincent Stoffer is the Director of Customer Solutions at Corelight, the company founded by the creators of the Bro Network Security Monitor. As the primary product champion, Vince brings the sales, success, and engineering teams together to deliver world-class security products to Corelight customers. Vince previously held security engineering and network management positions at Lawrence Berkeley National Laboratory where he played a critical operational role in incident response, network traffic analysis, and technical consulting to improve the Lab's cyber protections. Prior to LBNL, Vince was the network security engineer at Reed College. He attended Pitzer College in Claremont, CA, graduated with a BA in Humanities from University of Oregon, and he holds the CISSP, GCIH and GCIA certifications.

Matt Bromiley

Matt Bromiley is a SANS Digital Forensics and Incident Response instructor, teaching FOR508 Advanced Incident Response, Threat Hunting and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response, and a GIAC Advisory Board member. He is also an incident response consultant at a major incident response and forensic analysis company, combining experience in digital forensics, incident response/triage and log analytics. His skills include disk, database, memory and network forensics, as well as network security monitoring. Matt has worked with clients of all types and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.