Security's best-kept open-source secret.

The Bro Network Security Monitor is an open-source framework that gives you total visibility over your network traffic in real-time. Protecting enterprise networks since the 1990s.

How Bro Works

What's Bro?
It's the network data you wish you had.

When a security alert fires or when you have a problem to investigate, Bro helps you find the problem—faster. It complements signature-based tools to help you rapidly trace complex events across multiple flows and protocols with ease, to quickly pinpoint and resolve security issues.

tracing logs

Using Bro can completely change the job of incident response.

Hear our co-founder Seth Hall describe how:

picture of seth

Seth Hall, Chief Evangelist

Highly-structured real time network data.

If your typical response to alerts involves digging through piles of PCAP files or trying to piece together data through thin NetFlow records, there’s a better way. It’s Bro. Bro generates a wide range of rich network information, including logs for:

  • conn
  • capture loss
  • dce rpc
  • dhcp
  • dnp3
  • dns
  • dpd
  • files
  • ftp
  • http
  • intel
  • irc
  • kerberos
  • modbus
  • mysql
  • notice
  • ntlm
  • radius
  • rdp
  • sftp
  • sip
  • socks
  • smb
  • smtp
  • snmp
  • ssh
  • ssl
  • tunnel
  • weird
  • x509

Top organizations use Bro to:

Find rogue application deployments