Where can we find up-to-date documentation on supported sensors? The existing documentation on sensors on the Metron website dates back to early 2016 and might be stale. I read somewhere that Metron had plans to support Nifi as a possible source of input data, but I cannot find any documentation on integrating data gleaned from sources connected through Nifi. Any help in this regard will be highly appreciated.
On Thu, Sep 7, 2017 at 8:15 PM, [email protected] <[email protected]> wrote:

> When I say sensors I'm referring to tools that would feed into Metron like bro, yaf, snort, etc.
>
> Jon
>
> On Thu, Sep 7, 2017, 09:13 Syed Hammad Tahir <[email protected]> wrote:
>
>> I will confirm about batch or streaming data. The sensors you mentioned, are they some particular devices, or are you referring to sniffers or built-in Metron tools?
>>
>> On Thursday, September 7, 2017, [email protected] <[email protected]> wrote:
>>
>>> Okay so that sounds much easier - will it be done in batches or streaming (the network data processing, not the analytics)? I assume the former, given your situation. If that's true and you don't have huge amounts of data you may be able to do everything in full dev or an equivalent VM. A lot of this depends on what you will be feeding into Metron, and to know that you need to set up the sensors and get the network traffic first.
>>>
>>> Jon
>>>
>>> On Thu, Sep 7, 2017, 00:40 Syed Hammad Tahir <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> What I wanted to do with this is the following:
>>>>
>>>> 1- Gather network data
>>>>
>>>> 2- Analyse it
>>>>
>>>> 3- Apply some machine learning algorithm to detect intrusion
>>>>
>>>> Now, by seeking to use the Metron framework, am I on the right track here?
>>>>
>>>> Regards.
>>>>
>>>> On Wed, Sep 6, 2017 at 6:10 PM, [email protected] <[email protected]> wrote:
>>>>
>>>>> I would start with getting the data sources (syslog, bro data, snort logs, etc.) first. Without knowing the architecture of those tools it is very difficult to suggest an install method, although for prod use I would always default to a bare metal install. In your case you don't seem interested in PCAP, which means you _may_ be able to get away with something in EC2 or similar.
>>>>>
>>>>> Jon
>>>>>
>>>>> On Wed, Sep 6, 2017 at 6:41 AM Syed Hammad Tahir <[email protected]> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> Thank you for answering my call for help.
>>>>>>
>>>>>> I am going to use it for the purpose of research at graduate level, and may scale it to a production level. I am targeting a few labs on this floor, which together account for approximately 30-40 people using the network.
>>>>>> I am open to the options of using YAF, BRO, SNORT and others. Once started, I may also expand it in the future. What are your recommendations on the stated requirements?
>>>>>>
>>>>>> Best Regards.
>>>>>>
>>>>>> On Wed, Sep 6, 2017 at 3:06 PM, [email protected] <[email protected]> wrote:
>>>>>>
>>>>>>> There are a few questions that need to be answered first. How do you plan to monitor the LAN? Are you going to run YAF, Bro, Snort, others? How big is your LAN, how much traffic traverses it, what is the traffic composition (heavily impacts the amount of logs from Bro/YAF/Snort), how much retention of data do you want, do you plan to store PCAP?
>>>>>>>
>>>>>>> Jon
>>>>>>>
>>>>>>> On Wed, Sep 6, 2017, 01:59 Syed Hammad Tahir <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> I intend to use the Apache Metron framework for the analysis of our local area network. What is the best way to get started? Which installation is most suitable for me, as listed in the following link:
>>>>>>>> https://cwiki.apache.org/confluence/display/METRON/Installation
>>>>>>>>
>>>>>>>> Kindly help me with this.
>>>>>>>>
>>>>>>>> Regards.
>>>>>>>>
>>>>>>> --
>>>>>>> Jon
>>>>>>
>>>>> --
>>>>> Jon
>>>>
>>> --
>>> Jon
>>
> --
> Jon
