Hi Syed,
See inline.
On 2017-10-20 00:32, Syed Hammad Tahir wrote:
> I have installed Snort manually. Now I need help with:
> 1- Capturing the data of my LAN and dumping it via Snort: Snort can't
> see the traffic outside the Vagrant VM, how do I make it see that traffic?
To be honest, configuring Snort to work on your LAN is out of scope of
the project. Have a look at the documentation at https://www.snort.org/.
You will probably have to add a 2nd network interface bridged to your
LAN in promiscuous mode. Additionally, I think most of us expect some
basic Linux & network administration knowledge when using Metron.
> 2- Making a Kafka topic to push those saved logs in Metron for
> preprocessing
Have a look at the Metron documentation at
https://metron.apache.org/current-book/index.html. Adding a new sensor
in the Metron UI will create the Kafka topic, IIRC.
> 3- Applying a basic machine learning algorithm on the captured data.
I can't help you with this :)