If you have never worked with HDFS before, here is a quick tutorial:
https://hortonworks.com/hadoop-tutorial/using-commandline-manage-files-hdfs/

05.10.2017, 01:26, "Simon Elliston Ball" <[email protected]>:

Try the Ambari files view.

Thanks again. Also, how can I access the snort log via HDFS? Is there any web-based HDFS portal, or will I have to sneak into the vagrant VM file system to access that?

On Thu, Oct 5, 2017 at 1:21 PM, Umesh Kaushik <[email protected]> wrote:

I am sorry, I will not be able to provide you the exact tutorials. However, I believe you can find something here:
https://cwiki.apache.org/confluence/display/METRON/Metron+Architecture
If not the exact answer, you will get enough of an idea to do R&D to achieve your goals.

Cheers,
Umesh Kaushik
(Full Stack Developer - Cyber security analyst: Bhujang Innovations)
(9620023458)

On 5 October 2017 at 13:43, Syed Hammad Tahir <[email protected]> wrote:

Thanks for the information. Can I get any tutorial or guide on that enrichment and labelling phase in Metron?

On Thu, Oct 5, 2017 at 1:05 PM, Umesh Kaushik <[email protected]> wrote:

Yes, after passing your data through the enrichment and labelling phase you can further take it to the data modelling phase, where you can use a Python kind of language to apply different modelling techniques on your data.

Cheers,
Umesh Kaushik
9620023458
Sent from mobile device, kindly ignore the typographical errors.

On 05-Oct-2017 10:55 AM, "Syed Hammad Tahir" <[email protected]> wrote:

Hi,
Let's say I have dumped snort data. Can I apply some machine learning on it in Metron?

On Thu, Oct 5, 2017 at 12:54 AM, James Sirota <[email protected]> wrote:

1 - It is up to you to install and configure snort however you want. Metron simply consumes the Snort telemetry, but is not opinionated about how you set up your sensors. I would recommend starting with the community rule set: https://www.snort.org/faq/what-are-community-rules
2 - Again, this is outside the scope of Metron. You can view this video to get you started: https://www.youtube.com/watch?v=RUmYojxy3Xw
3 - Metron is not a network mapping tool (although support for graph databases is not too far in the future). Today, the best way to generate a network map (graph) is by using Kibana. I would refer you to the following article: https://www.elastic.co/products/x-pack/graph
4 - The snort generated data would be indexed in Elasticsearch and/or stored on HDFS, depending on how you configured the system.

Thanks,
James

04.10.2017, 03:23, "Syed Hammad Tahir" <[email protected]>:

Hi all,
Now that I have installed Metron (single node installation on an Ubuntu machine), I want to do some initial testing on snort data. I have a few questions regarding this:
1- In how many configurations can I use snort with Metron (for example packet capture in sniffing mode etc.)?
2- How can I change the rules in snort?
3- Can I map the network using Metron?
4- Is snort generated data stored somewhere?
Kindly also give me some tutorial to follow for better understanding.
Regards.
-------------------
Thank you,
James Sirota
PPMC- Apache Metron (Incubating)
jsirota AT apache DOT org
