This is very much something Metron can do, but scoping hardware requires more detail about the data and work to be done on the data. I would focus on setting up the sensors (custom IDS, snort) and then either gather metrics and scope Metron or just spin it up by default/with whatever you have and see how it works.
Jon

On Wed, Sep 20, 2017, 06:23 Syed Hammad Tahir <[email protected]> wrote:
> Hi,
>
> 1- I want to focus more on real time analysis, but let's say we start with
> pcap dump. I don't know at this point how much data it can dump in a 24hr
> period given the LAN environment of 100 nodes. You can assert your
> assumption to answer.
>
> 2- Snort data most probably, and I don't know about the number of events yet.
> You can also assert your assumption here for a hypothetical scenario to
> guide me.
>
> 3- I want to build an intrusion detection system and apply some machine
> learning algorithm on it, so I guess profiling is the answer to the third
> question.
>
> Based on those partial answers and your insight into this domain, kindly
> reply with the most suitable solution, with assumptions where necessary.
>
> If you think that I am expecting something from Metron which it can't do,
> then kindly let me know.
>
> Regards.
>
> On Wed, Sep 20, 2017 at 3:11 PM, [email protected] <[email protected]> wrote:
>> Full dev is intended for testing, not actual use. That said, to answer
>> your question it is more important to know (1) will you be storing pcap,
>> (1b) if so, how much per day and for how long, (2) what data will you be
>> sending into Metron (bro, yaf, snort, asa, etc.) and how many events per
>> second is it, and (3) what are you planning to do with the data (profiling,
>> MaaS, enrichments, etc.)?
>>
>> Jon
>>
>> On Wed, Sep 20, 2017, 04:04 Syed Hammad Tahir <[email protected]> wrote:
>>> Hello,
>>>
>>> What would be the system required in order to run Metron and analyze a
>>> LAN environment of almost 100 nodes using a single node full development
>>> deployment?
>>>
>>> Regards.
>>
>> --
>> Jon

--
Jon
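The sizing inputs Jon asks for (events per second from the sensor, pcap bytes per day and retention) are the kind of thing to measure on the LAN before scoping a cluster. The script below is an added example, not code from this thread or from Apache Metron: it parses a constructed sample of Snort `alert_fast` output (the MM/DD-HH:MM:SS.usec `[**] [gid:sid:rev] msg [**] ... {proto} src -> dst` layout; the year is assumed to be 2017 because that format omits it unless Snort is started with `-y`) to get mean and peak events per second and a per-rule breakdown, and scales a measured capture sample up to a pcap storage projection. The 25% headroom factor and the sample capture numbers are assumptions for illustration, not figures from the thread.

```python
"""Measure the sizing inputs asked for in the thread before scoping Metron:
Snort events/second (mean and peak) and projected pcap storage.
Added example, not code from the thread or from Apache Metron."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample of Snort alert_fast output (assumed layout:
# MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [...] {proto} src -> dst).
# The final line is deliberately truncated to exercise the unparsed path.
SAMPLE_FAST_ALERTS = """\
09/20-06:23:01.000123  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 10.0.0.9:51234
09/20-06:23:01.400987  [**] [1:2010937:2] ET POLICY Suspicious inbound to MSSQL port 1433 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.7:44321 -> 10.0.0.12:1433
09/20-06:23:01.777777  [**] [1:2010937:2] ET POLICY Suspicious inbound to MSSQL port 1433 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.7:44322 -> 10.0.0.13:1433
09/20-06:23:02.010000  [**] [1:2010937:2] ET POLICY Suspicious inbound to MSSQL port 1433 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.7:44323 -> 10.0.0.14:1433
09/20-06:23:04.500000  [**] [1:1000001:1] LOCAL test rule [**] [Priority: 3] {ICMP} 10.0.0.9 -> 10.0.0.1
09/20-06:23:05.000000  [**] [1:1:1] cut off
"""

FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)


def parse_fast_alerts(text, year=2017):
    """Yield (timestamp, sid, proto, src, dst) per alert line, or None for a
    line the regex cannot read. alert_fast omits the year unless Snort runs
    with -y, so the caller supplies it (assumed 2017 here)."""
    for line in text.splitlines():
        if not line.strip():
            continue
        m = FAST_RE.match(line)
        if not m:
            yield None
            continue
        ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
        yield ts, m["sid"], m["proto"], m["src"], m["dst"]


def snort_event_rates(text, year=2017):
    """Mean and peak events/second over the span the log covers, plus a
    per-SID breakdown so one noisy rule does not silently set the cluster size."""
    per_second = Counter()
    by_sid = Counter()
    unparsed = 0
    for rec in parse_fast_alerts(text, year):
        if rec is None:
            unparsed += 1
            continue
        ts, sid, *_ = rec
        per_second[ts] += 1
        by_sid[sid] += 1
    events = sum(per_second.values())
    if not events:
        return {"events": 0, "seconds": 0, "mean_eps": 0.0,
                "peak_eps": 0, "by_sid": by_sid, "unparsed": unparsed}
    first, last = min(per_second), max(per_second)
    seconds = int((last - first).total_seconds()) + 1
    return {
        "events": events,
        "seconds": seconds,
        "mean_eps": events / seconds,
        "peak_eps": max(per_second.values()),
        "by_sid": by_sid,
        "unparsed": unparsed,
    }


def project_pcap(sample_bytes, sample_seconds, retention_days, headroom=1.25):
    """Scale a measured capture sample to bytes/day and to total retention
    storage. headroom is an assumed 25% margin for bursts and index files."""
    bytes_per_day = sample_bytes * 86400 // sample_seconds
    total = int(bytes_per_day * retention_days * headroom)
    return bytes_per_day, total


if __name__ == "__main__":
    r = snort_event_rates(SAMPLE_FAST_ALERTS)
    print(f"{r['events']} events over {r['seconds']}s: "
          f"mean {r['mean_eps']:.2f} eps, peak {r['peak_eps']} eps, "
          f"{r['unparsed']} unparsed line(s)")
    print("top rules:", r["by_sid"].most_common(3))
    # Assumed sample: 600 MB captured in a 10-minute window, kept for 7 days.
    per_day, total = project_pcap(600 * 1_000_000, 600, 7)
    print(f"pcap: {per_day / 1e9:.1f} GB/day, {total / 1e9:.1f} GB for 7 days")
```

Peak rather than mean EPS is what the ingest path has to absorb, and a single chatty rule (the MSSQL SID in the sample accounts for three of the five alerts) is usually the first thing to tune before buying hardware for it. The same pattern applies to the bro/yaf feeds Jon lists: count events per second on the sensor output for a representative window, then size from the peak.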
