Comments on TaoSecurity Blog: Notes on Network Security Monitoring
Richard Bejtlich

Anonymous, 2005-09-15 16:43:

Bro is a nice little IDS that is pretty powerful if you write signatures. The language is pretty straightforward and is great for in-depth analysis beforehand. I believe the language used is based on ASAX.

The problems, to me, are scalability issues. There is no real form of centralized server functionality. I don't like how the logs are archived, but most of this could be changed. Reporting, session data, etc. would all have to be worked on. NSM and correlation between disparate and geographically separated systems would be difficult at best.

I do like the engine and language though.