I'm actually not familiar with the code platform; usually I would suggest full dev vagrant or docker for initial testing.
Ok, I have some more questions:

1. What data sources do you have that you want Metron to ingest?
2. What sort of enrichments may be important to you? Do you have data that you'd like to add to messages as they're ingested?
3. Do you know of certain patterns that you want to monitor in your environment?

This platform is really good at threat hunting and SOC operations. What makes it great is that Stellar lets you easily work with your data as it's being ingested, and MaaS allows you to find unknown unknowns after the fact. For instance, if you see a certain pattern you can raise an alert. Check out the YouTube videos here for some good examples - https://www.youtube.com/watch?v=oElf7G_m7_E

Jon

On Tue, Mar 28, 2017, 7:17 AM Farrukh Naveed Anjum <anjum.farr...@gmail.com> wrote:

I have set it up via the Code Platform Vagrant machine, and it is working there. I just need to know how I can use it. Any small example or use case will do.

Li

On Tue, Mar 28, 2017 at 3:18 PM, zeo...@gmail.com <zeo...@gmail.com> wrote:

Do you already have bro and/or snort configured and running outside of Metron? For bro have you tried this <https://github.com/bro/bro-plugins/tree/master/kafka>? If Metron is not up and running then perhaps we should work on that instead. Can you provide details regarding the failures you're seeing?

Jon

On Tue, Mar 28, 2017, 2:27 AM Farrukh Naveed Anjum <anjum.farr...@gmail.com> wrote:

Hi,

0.3.1 is having problems getting started. Please guide me on Bro and Snort logs.

On Tue, Mar 28, 2017 at 6:51 AM, zeo...@gmail.com <zeo...@gmail.com> wrote:

Hi Farrukh,

Sorry I'm just now seeing your message. Were you able to get things figured out? Off the bat, I would recommend using 0.3.1 instead of 0.2.0BETA as there are a lot of improvements, but I could definitely help out regarding ingesting Bro and/or Snort logs into Metron.

Let me know - thanks,

Jon

On Thu, Feb 23, 2017 at 6:10 AM Farrukh Naveed Anjum <anjum.farr...@gmail.com> wrote:

Hi,

How can we use Snort and Bro with Metron? The reference application only provides the SQUID example. Any short tutorial will do.

--
With Regards
Farrukh Naveed Anjum

--
Jon