Actually, I need to forward the specs to my IT department as soon as possible; I was thinking of getting a rough idea. Regards.
On Wed, Sep 20, 2017 at 3:43 PM, [email protected] <[email protected]> wrote:

> This is very much something Metron can do, but scoping hardware requires
> more detail about the data and work to be done on the data. I would focus
> on setting up the sensors (custom IDS, snort) and then either gather
> metrics and scope Metron or just spin it up by default/with whatever you
> have and see how it works.
>
> Jon
>
> On Wed, Sep 20, 2017, 06:23 Syed Hammad Tahir <[email protected]>
> wrote:
>
>> Hi,
>>
>> 1- I want to focus more on real-time analysis, but let's say we start with
>> a pcap dump. I don't know at this point how much data it can dump in a 24hr
>> period given the LAN environment of 100 nodes. You can assert your
>> assumption to answer.
>>
>> 2- Snort data most probably, and I don't know about the number of events yet.
>> You can also assert your assumption here for a hypothetical scenario to
>> guide me.
>>
>> 3- I want to build an intrusion detection system and apply some machine
>> learning algorithm on it, so I guess profiling is the answer to the third
>> question.
>>
>> Based on those partial answers and your insight into this domain, kindly
>> reply with the most suitable solution, with assumptions where necessary.
>>
>> If you think that I am expecting something from Metron which it can't do,
>> then kindly let me know.
>>
>> Regards.
>>
>> On Wed, Sep 20, 2017 at 3:11 PM, [email protected] <[email protected]>
>> wrote:
>>
>>> Full dev is intended for testing, not actual use. That said, to answer
>>> your question it is more important to know (1) will you be storing pcap,
>>> (1b) if so, how much per day and for how long, (2) what data will you be
>>> sending into Metron (bro, yaf, snort, asa, etc.) and how many events per
>>> second is it, and (3) what are you planning to do with the data (profiling,
>>> MaaS, enrichments, etc.)?
>>>
>>> Jon
>>>
>>> On Wed, Sep 20, 2017, 04:04 Syed Hammad Tahir <[email protected]>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> What would be the system required in order to run Metron and analyze a
>>>> LAN environment of almost 100 nodes using a single-node full development
>>>> deployment?
>>>>
>>>> Regards.
>>>>
>>> --
>>>
>>> Jon
>>>
>> --
>
> Jon
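Jon's advice above is to gather metrics from the sensors first and size Metron from those. The script below is an added example (not from this thread, and not Metron or Snort project code) of what that first pass can look like: it parses a handful of Snort "fast" alert lines, derives events per second and the noisiest signature ids, and projects raw pcap volume per day and per retention window from an assumed average link rate. The alert lines are constructed sample data, the year supplied to the parser is an assumption (fast-format lines carry none), and the 20 Mbps / 7-day figures in the usage block are placeholders to be replaced with measured values.

```python
import re
from datetime import datetime

# Constructed Snort "fast" alert lines (sample data made up for this example,
# not captured from any real network).
SAMPLE_ALERTS = """\
09/20-06:23:00.000000  [**] [1:1000001:1] EXAMPLE rule A [**] [Priority: 2] {TCP} 10.0.0.5:51234 -> 10.0.0.9:80
09/20-06:23:00.500000  [**] [1:1000002:1] EXAMPLE rule B [**] [Priority: 3] {UDP} 10.0.0.6:5353 -> 224.0.0.251:5353
09/20-06:23:01.000000  [**] [1:1000001:1] EXAMPLE rule A [**] [Priority: 2] {TCP} 10.0.0.7:51235 -> 10.0.0.9:80
09/20-06:23:02.000000  [**] [1:1000003:1] EXAMPLE rule C [**] [Priority: 1] {ICMP} 10.0.0.8 -> 10.0.0.1
"""

# Timestamp and generator:sid:rev prefix of a fast-format alert line.
FAST_LINE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]"
)

SECONDS_PER_DAY = 86_400


def parse_alerts(text, year=2017):
    """Return a list of (timestamp, sid) tuples, skipping lines that do not parse.
    Fast-format lines carry no year, so one is supplied (assumed here)."""
    events = []
    for line in text.splitlines():
        m = FAST_LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year}/{m.group('ts')}", "%Y/%m/%d-%H:%M:%S.%f")
        events.append((ts, m.group("sid")))
    return events


def events_per_second(events):
    """Average alert rate over the window spanned by the sample.
    A sample with a single timestamp has no measurable window, so the
    raw count is returned for that case."""
    if not events:
        return 0.0
    first = min(ts for ts, _ in events)
    last = max(ts for ts, _ in events)
    span = (last - first).total_seconds()
    return len(events) / span if span > 0 else float(len(events))


def top_signatures(events):
    """Count alerts per signature id, most frequent first, so noisy rules
    can be tuned before their volume is fed into Metron."""
    counts = {}
    for _, sid in events:
        counts[sid] = counts.get(sid, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def pcap_bytes_per_day(avg_mbps):
    """Raw pcap volume for one day at a sustained average link rate
    (decimal megabits per second), ignoring pcap header overhead."""
    return int(avg_mbps * 1_000_000 / 8) * SECONDS_PER_DAY


def size_estimate(alert_text, avg_mbps, retention_days):
    """Answer the three sizing questions from a Snort sample and an
    assumed average link utilisation."""
    events = parse_alerts(alert_text)
    eps = events_per_second(events)
    per_day = pcap_bytes_per_day(avg_mbps)
    return {
        "events_per_second": eps,
        "events_per_day": int(eps * SECONDS_PER_DAY),
        "top_signatures": top_signatures(events),
        "pcap_bytes_per_day": per_day,
        "pcap_bytes_retained": per_day * retention_days,
    }


if __name__ == "__main__":
    # Placeholder assumptions: 100 nodes averaging 20 Mbps of mirrored
    # traffic, kept for 7 days. Replace with measured values.
    est = size_estimate(SAMPLE_ALERTS, avg_mbps=20, retention_days=7)
    for key, value in est.items():
        print(f"{key}: {value}")
```

Point `size_estimate` at a real alert file and a measured average from the span port and the two numbers Jon asks for (events per second into Metron, pcap bytes per day and per retention period) come straight out; the signature breakdown shows which rules dominate that event rate.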
