Syed, I would strongly suggest you go through the Squid-based tutorial to get an idea of how enrichment and indexing works. See: https://cwiki.apache.org/confluence/display/METRON/Metron+Reference+Application
> On 5 Oct 2017, at 09:13, Syed Hammad Tahir <[email protected]> wrote:
>
> Thanks for the information. Can I get any tutorial or guide on that
> enrichment and labelling phase in metron?
>
> On Thu, Oct 5, 2017 at 1:05 PM, Umesh Kaushik <[email protected]> wrote:
> Yes, after passing your data from enrichment and labelling phase you can
> further take it to data modelling phase where you can use python kind of
> language to apply different modelling techniques on your data.
>
> Cheers,
> Umesh Kaushik
> 9620023458
>
> Sent from mobile device, kindly ignore the typographical errors.
>
> On 05-Oct-2017 10:55 AM, "Syed Hammad Tahir" <[email protected]> wrote:
> Hi,
>
> Let's say I have dumped snort data. Can I apply some machine learning on it in
> metron?
>
> On Thu, Oct 5, 2017 at 12:54 AM, James Sirota <[email protected]> wrote:
> 1 - It is up to you to install and configure snort however you want. Metron
> simply consumes the Snort telemetry, but is not opinionated about how you
> set up your sensors. I would recommend starting with the community rule set:
> https://www.snort.org/faq/what-are-community-rules
>
> 2 - Again, this is outside the scope of Metron. You can view this video to get
> you started: https://www.youtube.com/watch?v=RUmYojxy3Xw
>
> 3 - Metron is not a network mapping tool (although support for graph
> databases is not too far in the future). Today, the best way to generate a
> network map (graph) is by using kibana. I would refer you to the following
> article: https://www.elastic.co/products/x-pack/graph
>
> 4 - The snort generated data would be indexed in Elasticsearch and/or stored
> on HDFS, depending on how you configured the system
>
> Thanks,
> James
>
>
> 04.10.2017, 03:23, "Syed Hammad Tahir" <[email protected]>:
>> Hi all,
>>
>> Now that I have installed metron (single node installation on ubuntu
>> machine), I want to do some initial testing on snort data. I have a few
>> questions regarding this:
>>
>> 1- In how many configurations can I use snort with metron (for ex packet
>> capture in sniffing mode etc)?
>>
>> 2- How can I change the rules in snort?
>>
>> 3- Can I map the network using metron?
>>
>> 4- Is snort generated data stored somewhere?
>>
>> Kindly also give me some tutorial to follow for better understanding.
>> Regards.
>
> -------------------
> Thank you,
>
> James Sirota
> PPMC- Apache Metron (Incubating)
> jsirota AT apache DOT org
