Thank you. I guess I should have investigated beyond the sensor documentation. It would help to put the NiFi information in the sensor page, though.

On Fri, Sep 8, 2017 at 11:39 AM, Ahmed Shah <[email protected]> wrote:
> Hello Khurram,
>
> I found the following (posted in Feb 2017):
> https://cwiki.apache.org/confluence/display/METRON/Adding+a+New+Telemetry+Data+Source
>
> It includes instructions for installing NiFi and ingesting Squid.
>
> In a call last month I heard the Metron team was planning to make a video on ingesting new sources. Looking forward to that and hopefully seeing the Management UI (see screen cap) in action :).
>
> Hope it helps
>
> -Ahmed
>
> ------------------------------
> *From:* Khurram Ahmed <[email protected]>
> *Sent:* September 8, 2017 1:43 AM
> *To:* [email protected]
> *Subject:* Re: Getting Started
>
> Where can we find up-to-date documentation on supported sensors? The existing documentation on sensors on the Metron website dates back to early 2016 and might be stale. I read somewhere that Metron had plans to support NiFi as a possible source of input data. I cannot find any documentation regarding integrating data gleaned from sources connected through NiFi. Any help in this regard will be highly appreciated.
>
> On Thu, Sep 7, 2017 at 8:15 PM, [email protected] <[email protected]> wrote:
>> When I say sensors I'm referring to tools that would feed into Metron like bro, yaf, snort, etc.
>>
>> Jon
>>
>> On Thu, Sep 7, 2017, 09:13 Syed Hammad Tahir <[email protected]> wrote:
>>> I will confirm about batch or streaming data. The sensors you mentioned, are they some particular devices, or are you referring to sniffers or built-in Metron tools?
>>>
>>> On Thursday, September 7, 2017, [email protected] <[email protected]> wrote:
>>>> Okay, so that sounds much easier. Will it be done in batches or streaming (the network data processing, not the analytics)? I assume the former, given your situation. If that's true and you don't have huge amounts of data, you may be able to do everything in full dev or an equivalent VM. A lot of this depends on what you will be feeding into Metron, and to know that you need to set up the sensors and get the network traffic first.
>>>>
>>>> Jon
>>>>
>>>> On Thu, Sep 7, 2017, 00:40 Syed Hammad Tahir <[email protected]> wrote:
>>>>> Hi,
>>>>>
>>>>> What I wanted to do with this is the following:
>>>>>
>>>>> 1- Gather network data
>>>>> 2- Analyse it
>>>>> 3- Apply some machine learning algorithm to detect intrusion
>>>>>
>>>>> Now, by seeking the use of the Metron framework, am I following the right track here?
>>>>>
>>>>> Regards.
>>>>>
>>>>> On Wed, Sep 6, 2017 at 6:10 PM, [email protected] <[email protected]> wrote:
>>>>>> I would start with getting the data sources (syslog, bro data, snort logs, etc.) first. Without knowing the architecture of those tools it is very difficult to suggest an install method, although for prod use I would always default to a bare metal install. In your case you don't seem interested in PCAP, which means you _may_ be able to get away with something in EC2 or similar.
>>>>>>
>>>>>> Jon
>>>>>>
>>>>>> On Wed, Sep 6, 2017 at 6:41 AM Syed Hammad Tahir <[email protected]> wrote:
>>>>>>> Hello,
>>>>>>>
>>>>>>> Thank you for answering my call for help.
>>>>>>>
>>>>>>> I am going to use it for the purpose of research at graduate level, and may scale it to a production level. I am targeting a few labs on this floor, which accumulate approximately 30-40 people using the network. I am open to options of using YAF, BRO, SNORT and others. Once started, I may also expand it in the future. What are your recommendations on the stated requirements?
>>>>>>>
>>>>>>> Best Regards.
>>>>>>>
>>>>>>> On Wed, Sep 6, 2017 at 3:06 PM, [email protected] <[email protected]> wrote:
>>>>>>>> There are a few questions that need to be answered first. How do you plan to monitor the LAN? Are you going to run YAF, Bro, Snort, others? How big is your LAN, how much traffic traverses it, what is the traffic composition (heavily impacts the amount of logs from Bro/YAF/Snort), how much retention of data do you want, do you plan to store PCAP?
>>>>>>>>
>>>>>>>> Jon
>>>>>>>>
>>>>>>>> On Wed, Sep 6, 2017, 01:59 Syed Hammad Tahir <[email protected]> wrote:
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> I intend to use the Apache Metron framework for the analysis of our local area network. What is the best way to get started? Which installation is most suitable for me, as listed in the following link:
>>>>>>>>> https://cwiki.apache.org/confluence/display/METRON/Installation
>>>>>>>>>
>>>>>>>>> Kindly help me with this.
>>>>>>>>>
>>>>>>>>> Regards.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Jon
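The wiki page Ahmed links covers feeding Squid access logs into Metron through NiFi. As an added illustration, not code from this thread or from the Metron project, the Python below parses Squid's native access.log format into the flat field set a Metron parser would emit for each line. The names ip_src_addr, ip_dst_addr, original_string and an epoch-millisecond timestamp follow Metron's field conventions; the other field names, the regular expression and the sample log lines are constructed for this example. It also shows the edge case a practitioner hits first: lines that do not match (denied CONNECT requests carry a '-' peer, and non-Squid noise must not crash the parser).

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample lines in Squid's default "native" access.log layout:
# time elapsed client action/code bytes method url ident hierarchy/peer content-type
SAMPLE_LINES = [
    "1504800000.123    245 10.0.0.5 TCP_MISS/200 5431 GET http://example.org/index.html - HIER_DIRECT/93.184.216.34 text/html",
    "1504800001.456     12 10.0.0.7 TCP_DENIED/403 3967 CONNECT bad.example.net:443 - HIER_NONE/- text/html",
    "garbage line that is not squid output",
]

# Hypothetical pattern for the native format (Metron's own parser uses a Grok
# expression for this; the regex here is this example's assumption).
SQUID_NATIVE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s+"
    r"(?P<elapsed>\d+)\s+"
    r"(?P<ip_src_addr>\S+)\s+"
    r"(?P<action>[A-Z_]+)/(?P<code>\d{3})\s+"
    r"(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+"
    r"(?P<ident>\S+)\s+"
    r"(?P<hierarchy>[A-Z_]+)/(?P<peer>\S+)\s+"
    r"(?P<content_type>\S+)\s*$"
)


def url_host(method, url):
    """Best-effort host extraction; CONNECT requests carry host:port, not a full URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0]
    return urlparse(url).hostname


def parse_squid_line(line):
    """Parse one native-format line into a flat dict, or return None if it does not match.

    Assumed Metron conventions: 'timestamp' is epoch milliseconds, endpoints are
    'ip_src_addr' / 'ip_dst_addr', and the raw line is kept as 'original_string'.
    """
    m = SQUID_NATIVE.match(line)
    if not m:
        return None
    g = m.groupdict()
    peer = g["peer"]
    return {
        "original_string": line,
        "timestamp": int(round(float(g["ts"]) * 1000)),
        "elapsed": int(g["elapsed"]),
        "ip_src_addr": g["ip_src_addr"],
        "action": g["action"],
        "code": int(g["code"]),
        "bytes": int(g["bytes"]),
        "method": g["method"],
        "url": g["url"],
        "url_host": url_host(g["method"], g["url"]),
        # Squid writes '-' when no upstream peer was contacted (e.g. a denied request).
        "ip_dst_addr": None if peer == "-" else peer,
        "content_type": g["content_type"],
    }


def parse_lines(lines):
    """Parse a batch of lines; returns (parsed records, count of lines that did not match)."""
    records, failed = [], 0
    for line in lines:
        rec = parse_squid_line(line)
        if rec is None:
            failed += 1
        else:
            records.append(rec)
    return records, failed


if __name__ == "__main__":
    recs, bad = parse_lines(SAMPLE_LINES)
    for r in recs:
        print(json.dumps(r, sort_keys=True))
    print(f"{len(recs)} parsed, {bad} unparsed")
```

Keeping the unparsed count separate from the records is the point worth carrying over to a real pipeline: a telemetry source that silently drops malformed lines hides both sensor misconfiguration and log tampering, so the failure count should be surfaced as a metric rather than discarded.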
