For years, organizations with large networks and highly skilled computer security incident response teams have struggled to detect many intruders or even understand their own networks. The tools available have been inflexible and limited in their ability to describe an undesirable scenario. The Bro Intrusion Detection System (Bro-IDS) provides that flexibility by implementing a domain-specific language targeted at network analysis, but it requires approaching network analysis and intrusion detection with a fresh perspective. This talk will provide that perspective.