Abstract
In this talk we intend to focus on the operational use of Bro at the Berkeley Lab and at NERSC. The talk covers the architecture and the deployment strategies for Bro throughout the Lab infrastructure (including enclaves) and the use of Bro for putting dynamic blocks on routers, highlighting the functionality of Drop, catch-and-release, and DHCP blocking using stomper. We also focus on the use of Bro for syslog analysis, instrumented sshd deployment, and the use of Time Machine. And, of course, incident response using Bro.
© 2014 The Bro Project.