Re: Enable geo enrichment

2017-10-05 Thread Nick Allen
+1 to using GEO_GET On Thu, Oct 5, 2017 at 5:59 PM, Justin Leet wrote: > There is also a Stellar function for doing geo lookups. > http://metron.apache.org/current-book/metron-stellar/stellar-common/index.html#GEO_GET It'll return a map of the fields when given an IP. > > On Thu, Oct 5, 2017

Re: Enable geo enrichment

2017-10-05 Thread Justin Leet
There is also a Stellar function for doing geo lookups. http://metron.apache.org/current-book/metron-stellar/stellar-common/index.html#GEO_GET It'll return a map of the fields when given an IP. On Thu, Oct 5, 2017 at 5:37 PM, Simon Elliston Ball < si...@simonellistonball.com> wrote: > And in case

Re: Enable geo enrichment

2017-10-05 Thread Simon Elliston Ball
And in case your install didn’t pick up the latest geo database (or you want to update it), the bottom of http://metron.apache.org/current-book/metron-platform/metron-data-management/index.html gives you th

Re: Enable geo enrichment

2017-10-05 Thread Simon Elliston Ball
http://metron.apache.org/current-book/metron-platform/metron-enrichment/index.html Shows you how to configure geo enrichment. Simon > On 5 Oct 2017, at 22:33, Laurens Vets wrote: > > What's the quickest way

Enable geo enrichment

2017-10-05 Thread Laurens Vets
What's the quickest way to enable geo enrichment on a source ip address in 0.4.1-release? Is there a simple document somewhere with instructions?

Re: Initial Testing

2017-10-05 Thread Simon Elliston Ball
Try the Ambari files view. > On 5 Oct 2017, at 09:24, Syed Hammad Tahir wrote: > > Thanks again, also how can I access the snort log via hdfs? Is there any web > based hdfs portal or will I have to sneak into the vagrant VM file system to > access that? > >> On Thu, Oct 5, 2017 at 1:21 PM, Um

Re: Initial Testing

2017-10-05 Thread Syed Hammad Tahir
Thanks again, also how can I access the snort log via hdfs? Is there any web based hdfs portal or will I have to sneak into the vagrant VM file system to access that? On Thu, Oct 5, 2017 at 1:21 PM, Umesh Kaushik wrote: > I am sorry I will not be able to provide you the exact tutorials. However,

Re: Initial Testing

2017-10-05 Thread Umesh Kaushik
I am sorry I will not be able to provide you the exact tutorials. However, I believe you can find something here: https://cwiki.apache.org/confluence/display/METRON/Metron+Architecture If not the exact answer, you will get enough idea to do R&D to achieve your goals. On 5 October 2017 at 13:43, Syed H

Re: Initial Testing

2017-10-05 Thread Simon Elliston Ball
Syed, I would strongly suggest you go through the Squid based tutorial to get an idea of how enrichment and indexing works. See: https://cwiki.apache.org/confluence/display/METRON/Metron+Reference+Application > On

Re: Initial Testing

2017-10-05 Thread Syed Hammad Tahir
Thanks for the information. Can I get any tutorial or guide on that enrichment and labelling phase in metron? On Thu, Oct 5, 2017 at 1:05 PM, Umesh Kaushik wrote: > Yes, after passing your data from enrichment and labelling phase you can > further take it to data modelling phase where you can us

Re: Initial Testing

2017-10-05 Thread Umesh Kaushik
Yes, after passing your data from enrichment and labelling phase you can further take it to data modelling phase where you can use python kind of language to apply different modelling techniques on your data. Cheers, Umesh Kaushik