


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account. Once you register, you can download the presentation slides.

A day in the life doing incident response without Bro. And how it could be so much better.

  • Tuesday, November 14, 2017 at 1:00 PM EST (2017-11-14 18:00:00 UTC)
  • Vincent Stoffer, Matt Bromiley


  • Corelight




As an incident responder or network security professional, you are no doubt familiar with Netflow, PCAP, Suricata and other tools that give you the information you need to investigate and respond to threats. But are you familiar with Bro and how it could completely change your approach to incident response and threat hunting?

In this SANS Expert webinar, Vincent Stoffer, Director of Customer Solutions at Corelight, will discuss his personal experiences when he was an incident responder at an organization that was not using Bro, and how his approach & results completely changed once he incorporated the power of Bro into his arsenal.

Speaker Bios

Vincent Stoffer

Vincent Stoffer is the Director of Customer Solutions at Corelight, the company founded by the creators of the Bro Network Security Monitor. As the primary product champion, Vince brings the sales, success, and engineering teams together to deliver world-class security products to Corelight customers. Vince previously held security engineering and network management positions at Lawrence Berkeley National Laboratory where he played a critical operational role in incident response, network traffic analysis, and technical consulting to improve the Lab's cyber protections. Prior to LBNL, Vince was the network security engineer at Reed College. He attended Pitzer College in Claremont, CA, graduated with a BA in Humanities from University of Oregon, and he holds the CISSP, GCIH and GCIA certifications.

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response instructor, teaching FOR508 (Advanced Incident Response, Threat Hunting, and Digital Forensics) and FOR572 (Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response). He is a principal consultant at a global incident response and forensic analysis company, combining his experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence; and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.
