Thank you. I will start with the VM and will ask if I need any further assistance.
On Thursday, September 7, 2017, [email protected] <[email protected]> wrote:
> When I say sensors I'm referring to tools that would feed into Metron like
> bro, yaf, snort, etc.
>
> Jon
>
> On Thu, Sep 7, 2017, 09:13 Syed Hammad Tahir <[email protected]> wrote:
>
>> I will confirm about batch or streaming data. The sensors you mentioned,
>> are they some particular devices or are you referring to sniffers or
>> built-in Metron tools?
>>
>> On Thursday, September 7, 2017, [email protected] <[email protected]> wrote:
>>
>>> Okay so that sounds much easier - will it be done in batches or
>>> streaming (the network data processing, not the analytics)? I assume the
>>> former, given your situation. If that's true and you don't have huge
>>> amounts of data you may be able to do everything in full dev or an
>>> equivalent VM. A lot of this depends on what you will be feeding into
>>> Metron, and to know that you need to set up the sensors and get the network
>>> traffic first.
>>>
>>> Jon
>>>
>>> On Thu, Sep 7, 2017, 00:40 Syed Hammad Tahir <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> What I wanted to do with this is the following:
>>>>
>>>> 1- Gather network data
>>>>
>>>> 2- Analyse it
>>>>
>>>> 3- Apply some machine learning algorithm to detect intrusion
>>>>
>>>> Now by seeking the use of the Metron framework, am I following the right
>>>> track here?
>>>>
>>>> Regards.
>>>>
>>>> On Wed, Sep 6, 2017 at 6:10 PM, [email protected] <[email protected]> wrote:
>>>>
>>>>> I would start with getting the data sources (syslog, bro data, snort
>>>>> logs, etc.) first. Without knowing the architecture of those tools, it is
>>>>> very difficult to suggest an install method, although for prod use I
>>>>> would always default to a bare metal install. In your case you don't seem
>>>>> interested in PCAP, which means you _may_ be able to get away with
>>>>> something in EC2 or similar.
>>>>>
>>>>> Jon
>>>>>
>>>>> On Wed, Sep 6, 2017 at 6:41 AM Syed Hammad Tahir <[email protected]> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> Thank you for answering my call for help.
>>>>>>
>>>>>> I am going to use it for the purpose of research at graduate level,
>>>>>> and may scale it to a production level. I am targeting a few labs on this
>>>>>> floor, which accumulate up to 30-40 people using the network.
>>>>>> I am open to options of using YAF, BRO, SNORT and others. Once started
>>>>>> I may also expand it in the future. What are your recommendations on
>>>>>> the stated requirements?
>>>>>>
>>>>>> Best Regards.
>>>>>>
>>>>>> On Wed, Sep 6, 2017 at 3:06 PM, [email protected] <[email protected]> wrote:
>>>>>>
>>>>>>> There are a few questions that need to be answered first. How do
>>>>>>> you plan to monitor the LAN? Are you going to run YAF, Bro, Snort,
>>>>>>> others? How big is your LAN, how much traffic traverses it, what is the
>>>>>>> traffic composition (heavily impacts the amount of logs from
>>>>>>> Bro/YAF/Snort), how much retention of data do you want, do you plan to
>>>>>>> store PCAP?
>>>>>>>
>>>>>>> Jon
>>>>>>>
>>>>>>> On Wed, Sep 6, 2017, 01:59 Syed Hammad Tahir <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> I intend to use the Apache Metron framework for the analysis of our
>>>>>>>> local area network. What is the best way to get started? Which
>>>>>>>> installation is most suitable for me as listed in the following link:
>>>>>>>> https://cwiki.apache.org/confluence/display/METRON/Installation
>>>>>>>>
>>>>>>>> Kindly help me with this.
>>>>>>>>
>>>>>>>> Regards.
>>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Jon
>>>>>>>
>>>>>>
>>>>>> --
>>>>>
>>>>> Jon
>>>>>
>>>>
>>>> --
>>>
>>> Jon
>>>
>> --
>
> Jon
>
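Jon's advice in the thread above is to get the data sources (Bro, Snort, syslog) in hand before choosing an install. The following Python is an added example, not code from the thread or from the Metron project: it parses a constructed Bro/Zeek conn.log excerpt (the TSV layout with a `#fields` header) and two constructed Snort fast-format alert lines into flat records, sums bytes per originating host, and looks up the conn.log uid of the flow a Snort alert fired on. The hosts, uids, SIDs and rule messages are made up; how such records are shipped into Metron is not covered here.

```python
"""Added example: flatten Bro/Zeek conn.log and Snort fast-alert lines into records."""
import re
from collections import defaultdict

# Constructed sample: a Bro/Zeek conn.log excerpt in its native TSV form.
# "#fields" names the columns and "-" marks an unset value.
BRO_CONN_LOG = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1504700000.123456\tCk1aB2cDeF\t10.10.1.15\t51234\t93.184.216.34\t80\ttcp\thttp\t0.512\t512\t20480\tSF
1504700001.654321\tCx9yZ8wVu\t10.10.1.22\t44321\t10.10.1.1\t53\tudp\tdns\t0.010\t64\t128\tSF
1504700002.000000\tCq3rS4tUv\t10.10.1.15\t51235\t203.0.113.7\t443\ttcp\t-\t-\t-\t-\tS0
"""

# Constructed sample: Snort "fast" alert output. SIDs are in the local range
# (>= 1000000) and the messages are made up for this example.
SNORT_FAST_ALERTS = """\
09/06-14:03:05.123456  [**] [1:1000001:1] LOCAL constructed rule: suspicious HTTP response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 93.184.216.34:80 -> 10.10.1.15:51234
09/06-14:03:06.000000  [**] [1:1000002:1] LOCAL constructed rule: ICMP sweep [**] [Priority: 3] {ICMP} 10.10.1.22 -> 10.10.1.1
"""

INT_FIELDS = ("id.orig_p", "id.resp_p", "orig_bytes", "resp_bytes")


def parse_bro_tsv(text):
    """Parse Bro/Zeek TSV log text into a list of dicts keyed by #fields names."""
    fields, records = None, []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            continue  # other header lines carry no per-record data
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("column count mismatch: %r" % line)
        rec = {k: (None if v == "-" else v) for k, v in zip(fields, values)}
        rec["ts"] = float(rec["ts"])
        for k in INT_FIELDS:
            if rec.get(k) is not None:
                rec[k] = int(rec[k])
        records.append(rec)
    return records


SNORT_FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<classification>[^\]]*)\]\s+)?"
    r"\[Priority:\s+(?P<priority>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[^ ]+?)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[^ ]+?)(?::(?P<dport>\d+))?\s*$"
)


def parse_snort_fast(text):
    """Parse Snort fast-format alert lines; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = SNORT_FAST_RE.match(line)
        if not m:
            continue
        a = m.groupdict()
        for k in ("gid", "sid", "rev", "priority", "sport", "dport"):
            a[k] = int(a[k]) if a[k] is not None else None
        alerts.append(a)
    return alerts


def bytes_by_originator(conn_records):
    """Total bytes (both directions) per connection originator; unset counts as 0."""
    totals = defaultdict(int)
    for r in conn_records:
        totals[r["id.orig_h"]] += (r["orig_bytes"] or 0) + (r["resp_bytes"] or 0)
    return dict(totals)


def match_conn_uid(alert, conn_records):
    """Return the conn.log uid of the flow an alert fired on, or None.

    Snort reports packet direction while Bro keys the record by who opened the
    connection, so both orientations of the 4-tuple are tried. Alerts without
    ports (e.g. ICMP) cannot be matched this way and yield None."""
    if alert["sport"] is None or alert["dport"] is None:
        return None
    fwd = (alert["src"], alert["sport"], alert["dst"], alert["dport"])
    rev = (fwd[2], fwd[3], fwd[0], fwd[1])
    for r in conn_records:
        if (r["id.orig_h"], r["id.orig_p"], r["id.resp_h"], r["id.resp_p"]) in (fwd, rev):
            return r["uid"]
    return None


if __name__ == "__main__":
    conns = parse_bro_tsv(BRO_CONN_LOG)
    print(bytes_by_originator(conns))
    for a in parse_snort_fast(SNORT_FAST_ALERTS):
        print(a["sid"], a["msg"], "->", match_conn_uid(a, conns))
```

The third conn.log row, with byte counts and service unset, and the ICMP alert with no ports are there on purpose: real sensor output has gaps, and a pipeline that assumes every column is populated or every alert joins to a flow will fail on its first day of traffic.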
