Hello Khurram,

I found the following (posted on Feb 2017): https://cwiki.apache.org/confluence/display/METRON/Adding+a+New+Telemetry+Data+Source

It includes instructions for installing Nifi and ingesting Squid. In a call last month I heard the Metron team was planning to make a video on ingesting new sources. Looking forward to that and hopefully seeing the Management UI (see screen cap) in action :).

Hope it helps
-Ahmed

From: Khurram Ahmed <[email protected]>
Sent: September 8, 2017 1:43 AM
To: [email protected]
Subject: Re: Getting Started

Where can we find up to date documentation on supported sensors? The existing documentation on the Metron website on sensors dates back to early 2016 and might be stale.

I read somewhere that Metron had plans to support Nifi as a possible source of input data. I cannot find any documentation regarding integrating data gleaned from sources connected through Nifi. Any help in this regard will be highly appreciated.

On Thu, Sep 7, 2017 at 8:15 PM, [email protected] <[email protected]> wrote:

When I say sensors I'm referring to tools that would feed into Metron like bro, yaf, snort, etc.

Jon

On Thu, Sep 7, 2017, 09:13 Syed Hammad Tahir <[email protected]> wrote:

I will confirm about batch or streaming data. The sensors you mentioned, are they some particular devices or are you referring to sniffers or built-in Metron tools?

On Thursday, September 7, 2017, [email protected] <[email protected]> wrote:

Okay so that sounds much easier - will it be done in batches or streaming (the network data processing, not the analytics)? I assume the former, given your situation. If that's true and you don't have huge amounts of data you may be able to do everything in full dev or an equivalent VM. A lot of this depends on what you will be feeding into Metron, and to know that you need to set up the sensors and get the network traffic first.

Jon

On Thu, Sep 7, 2017, 00:40 Syed Hammad Tahir <[email protected]> wrote:

Hi,

What I wanted to do with this is the following:
1- Gather network data
2- Analyse it
3- Apply some machine learning algorithm to detect intrusion

Now by seeking the use of the Metron framework, am I following the right track here?

Regards.

On Wed, Sep 6, 2017 at 6:10 PM, [email protected] <[email protected]> wrote:

I would start with getting the data sources (syslog, bro data, snort logs, etc.) first. Without knowing the architecture of those tools, it is very difficult to suggest an install method, although for prod use I would always default to a bare metal install. In your case you don't seem interested in PCAP, which means you _may_ be able to get away with something in EC2 or similar.

Jon

On Wed, Sep 6, 2017 at 6:41 AM Syed Hammad Tahir <[email protected]> wrote:

Hello,

Thank you for answering my call for help. I am going to use it for the purpose of research at graduate level, and may scale it to a production level. I am targeting a few labs on this floor, which accumulate approximately 30-40 people using the network. I am open to options of using YAF, BRO, SNORT and others. Once started, I may also expand it in the future. What are your recommendations on the stated requirements?

Best Regards.

On Wed, Sep 6, 2017 at 3:06 PM, [email protected] <[email protected]> wrote:

There are a few questions that need to be answered first. How do you plan to monitor the LAN? Are you going to run YAF, Bro, Snort, others? How big is your LAN, how much traffic traverses it, what is the traffic composition (heavily impacts the amount of logs from Bro/YAF/Snort), how much retention of data do you want, do you plan to store PCAP?

Jon

On Wed, Sep 6, 2017, 01:59 Syed Hammad Tahir <[email protected]> wrote:

Hello,

I intend to use the Apache Metron framework for the analysis of our local area network. What is the best way to get started? Which installation is most suitable for me as listed in the following link: https://cwiki.apache.org/confluence/display/METRON/Installation

Kindly help me with this.

Regards.
