Re: How to use Snort and Bro with Metron (0.2Beta)

2017-03-28 Thread zeo...@gmail.com
I'm actually not familiar with the code platform; usually I would suggest full dev vagrant or docker for initial testing. Ok, I have some more questions:
1. What data sources do you have that you want Metron to ingest?
2. What sort of enrichments may be important to you? Do you have data that

Re: How to use Snort and Bro with Metron (0.2Beta)

2017-03-28 Thread Farrukh Naveed Anjum
I have set it up via Code Platform Vagrant Machine; it is working there. I just need to know how I can use it? Any small example or use case will do? Li
On Tue, Mar 28, 2017 at 3:18 PM, zeo...@gmail.com wrote:
> Do you already have bro and/or snort configured and running

Re: How to use Snort and Bro with Metron (0.2Beta)

2017-03-28 Thread zeo...@gmail.com
Do you already have bro and/or snort configured and running outside of Metron? For bro have you tried this <https://github.com/bro/bro-plugins/tree/master/kafka>? If Metron is not up and running then perhaps we should work on that instead. Can you provide details regarding the failures you're

Re: How to use Snort and Bro with Metron (0.2Beta)

2017-03-27 Thread zeo...@gmail.com
Hi Farrukh, Sorry I'm just now seeing your message. Were you able to get things figured out? Off the bat, I would recommend using 0.3.1 instead of 0.2.0BETA as there are a lot of improvements, but I could definitely help out regarding ingesting Bro and/or Snort logs into Metron. Let me know -