1 - It is up to you to install and configure snort however you want. Metron simply consumes the Snort telemetry, but is not opinionated about how you set up your sensors. I would recommend starting with the community rule set: https://www.snort.org/faq/what-are-community-rules
 
2 - Again, this is outside the scope of Metron. You can view this video to get you started: https://www.youtube.com/watch?v=RUmYojxy3Xw
 
3 - Metron is not a network mapping tool (although support for graph databases is not too far in the future). Today, the best way to generate a network map (graph) is by using Kibana. I would refer you to the following article: https://www.elastic.co/products/x-pack/graph
 
4 - The snort generated data would be indexed in Elasticsearch and/or stored on HDFS, depending on how you configured the system.
 
Thanks,
James


04.10.2017, 03:23, "Syed Hammad Tahir" <[email protected]>:
Hi all,

Now that I have installed metron (single node installation on ubuntu machine), I want to do some initial testing on snort data. I have a few questions regarding this:

1- In how many configurations can I use snort with metron (for ex packet capture in sniffing mode etc)?

2- How can I change the rules in snort?

3- Can I map the network using metron?

4- Is snort generated data stored somewhere?

Kindly also give me some tutorials to follow for better understanding.
Regards.

------------------- 
Thank you,
 
James Sirota
PPMC- Apache Metron (Incubating)
jsirota AT apache DOT org