Hi Carolyn,

The correlation capabilities are done via ES queries and are visualized in Kibana. Metron's Stellar transformation, enrichment, and threat intel correlation capabilities allow you to pull up all relevant data and context for all telemetries ingested with a single query. Metron's PCAP services then allow you to tie it in with the underlying packet capture.

With respect to ML analytics, Metron has Model as a Service that allows the creation of standalone models, ensembles of models, or chaining of multiple models and provides model provisioning, discovery, and scoring. If your customer has pre-existing analytics packs they wish to run on top of Metron, please refer them to the boards and we will help them get the models to run on MaaS.

Thanks,
James

05.10.2016, 14:41, "Carolyn Duby" <[email protected]>:
> Does Metron have any correlation capabilities that we can demonstrate now?
>
> Are any analytics packs ready to show?
>
> We have a customer asking about these capabilities.
>
> Thanks
> Carolyn

-------------------
Thank you,

James Sirota
PPMC- Apache Metron (Incubating)
jsirota AT apache DOT org
