I am sorry I will not be able to provide you the exact tutorials. However, I believe you can find something here: https://cwiki.apache.org/confluence/display/METRON/Metron+Architecture

If not the exact answer, you will get enough of an idea to do R&D to achieve your goals.

On 5 October 2017 at 13:43, Syed Hammad Tahir <[email protected]> wrote:

> Thanks for the information. Can I get any tutorial or guide on that
> enrichment and labelling phase in Metron?
>
> On Thu, Oct 5, 2017 at 1:05 PM, Umesh Kaushik <[email protected]> wrote:
>
>> Yes, after passing your data through the enrichment and labelling phase you can
>> further take it to the data modelling phase, where you can use a Python-like
>> language to apply different modelling techniques on your data.
>>
>> Cheers,
>> Umesh Kaushik
>> 9620023458
>>
>> Sent from mobile device, kindly ignore the typographical errors.
>>
>> On 05-Oct-2017 10:55 AM, "Syed Hammad Tahir" <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> Let's say I have dumped Snort data. Can I apply some machine learning on
>>> it in Metron?
>>>
>>> On Thu, Oct 5, 2017 at 12:54 AM, James Sirota <[email protected]> wrote:
>>>
>>>> 1 - It is up to you to install and configure Snort however you want.
>>>> Metron simply consumes the Snort telemetry, but is not opinionated about
>>>> how you set up your sensors. I would recommend starting with the community
>>>> rule set: https://www.snort.org/faq/what-are-community-rules
>>>>
>>>> 2 - Again, this is outside the scope of Metron. You can view this video
>>>> to get you started: https://www.youtube.com/watch?v=RUmYojxy3Xw
>>>>
>>>> 3 - Metron is not a network mapping tool (although support for graph
>>>> databases is not too far in the future). Today, the best way to generate a
>>>> network map (graph) is by using Kibana. I would refer you to the following
>>>> article: https://www.elastic.co/products/x-pack/graph
>>>>
>>>> 4 - The Snort-generated data would be indexed in Elasticsearch and/or
>>>> stored on HDFS, depending on how you configured the system.
>>>>
>>>> Thanks,
>>>> James
>>>>
>>>> 04.10.2017, 03:23, "Syed Hammad Tahir" <[email protected]>:
>>>>
>>>> Hi all,
>>>>
>>>> Now that I have installed Metron (single node installation on an Ubuntu
>>>> machine), I want to do some initial testing on Snort data. I have a few
>>>> questions regarding this:
>>>>
>>>> 1- In how many configurations can I use Snort with Metron (for example,
>>>> packet capture in sniffing mode, etc.)?
>>>>
>>>> 2- How can I change the rules in Snort?
>>>>
>>>> 3- Can I map the network using Metron?
>>>>
>>>> 4- Is Snort-generated data stored somewhere?
>>>>
>>>> Kindly also give me some tutorial to follow for better understanding.
>>>> Regards.
>>>>
>>>> -------------------
>>>> Thank you,
>>>>
>>>> James Sirota
>>>> PPMC- Apache Metron (Incubating)
>>>> jsirota AT apache DOT org

--
Cheers,
Umesh Kaushik
(Full Stack Developer - Cyber security analyst: Bhujang Innovations)
(9620023458)
