Hi Jon,

Do you mean AWS can be configured with BGP and OSPF so that it is logically part of my network, though physically outside my network site, to collect scans?

Cisco IPS's IME can get attacker or victim logs. What is the difference between IME and Metron? What more is there in Metron in terms of security?

Regards,
Ho Yeung, Lee

_____________________________
From: [email protected] <[email protected]>
Sent: Sunday, December 31, 2017 6:05 AM
Subject: Re: where do Metron install ? inside or outside of infrastructure network?
To: <[email protected]>

Typically you would install Metron in a secured area of your network, especially if you aren't implementing Kerberos. This can be locally on servers, or in AWS (or any other cloud) with certain configurations.

Metron does primarily data cleansing and analysis but is fed data from sensors. Those sensors are the things that can be distributed throughout a network, that do scans, or can be on systems in your environment as an agent.

There are a lot of options on how you get the logs and alerts from the sensors into Metron, but for a start you can look at Apache NiFi or tooling that uses librdkafka.

Hope that helps,

Jon

On Sat, Dec 30, 2017, 11:36 Martin Lee <[email protected]> wrote:

Hi,

I find that a SOC can scan inside and outside of the network. Where is Metron installed? Inside or outside of the infrastructure network? As I see that it can be installed in the Amazon cloud, is it installed outside of the infrastructure of the company network? If installed outside, how can it scan from inside? If installed inside, how can it scan from outside?

Is there any book teaching how to set up Metron? I find that there are 10 nodes if installed in Amazon.

Regards,
Ho Yeung, Lee
Martin

--
Jon
