Hi,

1- I want to focus more on real-time analysis, but let's say we start with a pcap dump. I don't know at this point how much data it can dump in a 24-hour period given the LAN environment of 100 nodes. You can assert your assumption to answer.

2- Snort data most probably, and I don't know about the number of events yet. You can also assert your assumption here for a hypothetical scenario to guide me.

3- I want to build an intrusion detection system and apply some machine learning algorithm on it, so I guess profiling is the answer to the third question.

Based on those partial answers and your insight into this domain, kindly reply with the most suitable solution, with assumptions where necessary. If you think that I am expecting something from Metron which it can't do, then kindly let me know.

Regards.

On Wed, Sep 20, 2017 at 3:11 PM, [email protected] <[email protected]> wrote:
> Full dev is intended for testing, not actual use. That said, to answer
> your question it is more important to know (1) will you be storing pcap,
> (1b) if so, how much per day and for how long, (2) what data will you be
> sending into Metron (bro, yaf, snort, asa, etc.) and how many events per
> second is it, and (3) what are you planning to do with the data (profiling,
> MaaS, enrichments, etc.)?
>
> Jon
>
> On Wed, Sep 20, 2017, 04:04 Syed Hammad Tahir <[email protected]>
> wrote:
>
>> Hello,
>>
>> What would be the system required in order to run Metron and analyze a
>> LAN environment of almost 100 nodes using a single-node full development
>> deployment?
>>
>> Regards.
>>
> --
>
> Jon
