Hi,

What I wanted to do with this is the following:

1- Gather network data
2- Analyse it
3- Apply some machine learning algorithm to detect intrusion

Now, by seeking to use the Metron framework, am I following the right track here?

Regards.

On Wed, Sep 6, 2017 at 6:10 PM, [email protected] <[email protected]> wrote:

> I would start with getting the data sources (syslog, bro data, snort logs, etc.) first. Without knowing the architecture of those tools it is very difficult to suggest an install method, although for prod use I would always default to a bare metal install. In your case you don't seem interested in PCAP, which means you _may_ be able to get away with something in EC2 or similar.
>
> Jon
>
> On Wed, Sep 6, 2017 at 6:41 AM Syed Hammad Tahir <[email protected]> wrote:
>
>> Hello,
>>
>> Thank you for answering my call for help.
>>
>> I am going to use it for the purpose of research at graduate level, and may scale it to a production level. I am targeting a few labs on this floor, which accumulate up to approximately 30-40 people using the network. I am open to options of using YAF, BRO, SNORT and others. Once started, I may also expand it in the future. What are your recommendations on the stated requirements?
>>
>> Best Regards.
>>
>> On Wed, Sep 6, 2017 at 3:06 PM, [email protected] <[email protected]> wrote:
>>
>>> There are a few questions that need to be answered first. How do you plan to monitor the LAN? Are you going to run YAF, Bro, Snort, others? How big is your LAN, how much traffic traverses it, what is the traffic composition (heavily impacts the amount of logs from Bro/YAF/Snort), how much retention of data do you want, do you plan to store PCAP?
>>>
>>> Jon
>>>
>>> On Wed, Sep 6, 2017, 01:59 Syed Hammad Tahir <[email protected]> wrote:
>>>
>>>> Hello,
>>>>
>>>> I intend to use the Apache Metron framework for the analysis of our local area network. What is the best way to get started? Which installation is most suitable for me as listed in the following link:
>>>> https://cwiki.apache.org/confluence/display/METRON/Installation
>>>>
>>>> Kindly help me with this.
>>>>
>>>> Regards.
>>>>
>>> --
>>>
>>> Jon
>>>
>>
>> --
>
> Jon
>
