Yes, I run both in my environment and they are both security products but
that's about where the similarities end. Ossec is a host based solution
that monitors local activity with it's tree based rules engine, Metron is a
distributed solution that handles large sets of data from many sources and
a
Where did you get the plugin from, and do you have $BRO_SRC set? This
plugin has recently moved, had a release, and became a package. The
documentation you point to is outdated at this point, and updated
documentation is a part of a release that's currently being voted on.
Please use bro-pkg to
Can I send syslogs to HDFS using NiFi without using Kafka Topic?
On 21 Dec 2017 5:16 p.m., "zeo...@gmail.com" wrote:
> Where did you get the plugin from, and do you have $BRO_SRC set? This
> plugin has recently moved, had a release, and became a package. The
> documentation you point to is out
Jon thanks for the information.
I am indeed trying to learn both of them just wanted to get expert ideas.
OSSEC is also supported by OSSIM which is somewhat like metron. I would
like to hear ideas which may make metron better alternative and or
composite usage.
Regards,
On Thu, Dec 21, 2017
In many ways it’s a matter of scale. OSSIM is a kind of lite version of
AlienVault, and used by them. I’ve seen people move from an OSSIM architecture
to Metron specifically to get better scaling, things like PCAP capabilities
etc. but also retain the OSSEC agents to handle endpoint and scanning
If you don’t send them through the kafka topic, and use nifi to write to
hdfs directly, then you will be skipping the enrichment and ES indexing.
Is that what you want?
On December 21, 2017 at 06:52:37, Gaurav Bapat (gauravb3...@gmail.com)
wrote:
Can I send syslogs to HDFS using NiFi without usi
@Haruo, we haven't tightly integrated them yet, but have plans to do so in
Q1. We have been running OSSEC for a very long time and are in the middle
of an upgrade/cleanup project that we want to complete before feeding the
data into Metron (v2.9.0 now supports JSON alerts). Interested to hear
mor
Hello tuutdo,
We used OSSEC with OSSIM.
My experience with OSSIM is you can't save queries and create elaborate
dashboards like you can with Metron. Metron also seems to have a better path
for integrating your own sensors.
OSSEC integration with Metron is on our wish list.
-Ahmed
_
Is it in jira?
On December 21, 2017 at 10:39:46, Ahmed Shah (ahmeds...@cmail.carleton.ca)
wrote:
Hello tuutdo,
We used OSSEC with OSSIM.
My experience with OSSIM is you can't save queries and create elaborate
dashboards like you can with Metron. Metron also seems to have a better
path for in
