You mean that I must start snort from the terminal by doing snort -v and then push it to a kafka topic? I need to start snort in packet capture mode.

On Tue, Oct 10, 2017 at 9:52 PM, James Sirota <[email protected]> wrote:

> Yes, you can use Snort. Metron can consume Snort telemetries out of the
> box. You have to setup Snort on your own and push the output into a kafka
> topic (most likely using NiFi). From there on you can use the output of
> Snort in Metron.
>
> 10.10.2017, 00:48, "Syed Hammad Tahir" <[email protected]>:
> > Hi,
> >
> > Can I use snort in packet capture mode with metron? By default it works in
> > IDS mode only.
> >
> > Regards.
>
> -------------------
> Thank you,
>
> James Sirota
> PMC- Apache Metron
> jsirota AT apache DOT org
