When I say sensors I'm referring to tools that would feed into Metron like bro, yaf, snort, etc.

Jon

On Thu, Sep 7, 2017, 09:13 Syed Hammad Tahir <[email protected]> wrote:

> I will confirm about batch or streaming data. The sensors you mentioned, are they some particular devices or are you referring to sniffers or built-in Metron tools?
>
> On Thursday, September 7, 2017, [email protected] <[email protected]> wrote:
>
>> Okay so that sounds much easier - will it be done in batches or streaming (the network data processing, not the analytics)? I assume the former, given your situation. If that's true and you don't have huge amounts of data you may be able to do everything in full dev or an equivalent VM. A lot of this depends on what you will be feeding into Metron, and to know that you need to set up the sensors and get the network traffic first.
>>
>> Jon
>>
>> On Thu, Sep 7, 2017, 00:40 Syed Hammad Tahir <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> What I wanted to do with this is the following:
>>>
>>> 1- Gather Network Data
>>>
>>> 2- Analyse it
>>>
>>> 3- Apply some machine learning algorithm to detect intrusion
>>>
>>> Now by seeking the use of the Metron framework, am I following the right track here?
>>>
>>> Regards.
>>>
>>> On Wed, Sep 6, 2017 at 6:10 PM, [email protected] <[email protected]> wrote:
>>>
>>>> I would start with getting the data sources (syslog, bro data, snort logs, etc.) first. Without knowing the architecture of those tools, it is very difficult to suggest an install method, although for prod use I would always default to a bare metal install. In your case you don't seem interested in PCAP, which means you _may_ be able to get away with something in EC2 or similar.
>>>>
>>>> Jon
>>>>
>>>> On Wed, Sep 6, 2017 at 6:41 AM Syed Hammad Tahir <[email protected]> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> Thank you for answering my call for help.
>>>>>
>>>>> I am going to use it for the purpose of research at graduate level, and may scale it to a production level. I am targeting a few labs on this floor, which approximately accumulates up to 30-40 people using the network.
>>>>> I am open to options of using YAF, BRO, SNORT and others. Once started, I may also expand it in the future. What are your recommendations on the stated requirements?
>>>>>
>>>>> Best Regards.
>>>>>
>>>>> On Wed, Sep 6, 2017 at 3:06 PM, [email protected] <[email protected]> wrote:
>>>>>
>>>>>> There are a few questions that need to be answered first. How do you plan to monitor the LAN? Are you going to run YAF, Bro, Snort, others? How big is your LAN, how much traffic traverses it, what is the traffic composition (heavily impacts the amount of logs from Bro/YAF/Snort), how much retention of data do you want, do you plan to store PCAP?
>>>>>>
>>>>>> Jon
>>>>>>
>>>>>> On Wed, Sep 6, 2017, 01:59 Syed Hammad Tahir <[email protected]> wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I intend to use the Apache Metron framework for the analysis of our local area network. What is the best way to get started? Which installation is most suitable for me as listed in the following link:
>>>>>>> https://cwiki.apache.org/confluence/display/METRON/Installation
>>>>>>>
>>>>>>> Kindly help me with this.
>>>>>>>
>>>>>>> Regards.
