Very useful with support for flows as it is easy to implement, will provide a lot of automatic use cases, detect other uses cases than log-based.

-Ease of operation including patching and upgrades -Should ensure that all related suspect data (network traffic, user behaviour, ..) are gathered and presented as one suspect security incident to significantly reduce the analyst work. -Provides an easily understood…