Hi,
I've been looking at Metron for a few days now and I have a unique use - thought of asking the experts if it makes sense to use Metron in this scenario.

My understanding of the project so far is that it's a framework built for analyzing cybersecurity threats. This includes analyzing IP packets, network traffic, URLs, etc. to calculate risk scores etc. The framework also enables data scientists to build and test their models. There are data collection plugins that collect data from a variety of sources, stream it over Kafka and make it available for use by various models.

Now, we have a customer-facing portal where customers log in and submit all kinds of orders and transactions. We were looking at ways to analyze fraud that originates from our portal and I stumbled upon Metron. While we can definitely use Metron for analyzing source traffic, would it be a good idea to use Metron to analyze the actual transactions themselves? I do understand that we will have to build our models etc., but given that all the heavy lifting is already done, I'm tempted to try Metron for this use case (instead of re-inventing the wheel).

Is this possible/recommended? Or would you recommend using Metron strictly for network-related analysis?

Best Regards,
Sanket
