Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type


Publication Date


Making the Most of a Lot [of Data]: Netflow in US-CERT Operations

  • Abstract

    Netflow has long proven to be a key asset to both the network operator and defender. This presentation reviews some of the more common, yet invaluable, uses of netflow in US-CERT's daily monitoring, analysis, and incident response operations. Further, it highlights some of US-CERT's efforts to operationalize netflow-based analytics, rooted in netflow community research but adapted to account for (and where possible take advantage of) the large size and diversity of our constituent population.

  • Download

Part of a Collection

FloCon 2016 Presentations