Yes, after passing your data through the enrichment and labelling phase, you can
further take it to the data modelling phase, where you can use a Python kind of
language to apply different modelling techniques on your data.

Cheers,
Umesh Kaushik
9620023458

Sent from mobile device, kindly ignore the typographical errors.

On 05-Oct-2017 10:55 AM, "Syed Hammad Tahir" <[email protected]> wrote:

> Hi,
>
> Let's say I have dumped Snort data. Can I apply some machine learning on it
> in Metron?
>
> On Thu, Oct 5, 2017 at 12:54 AM, James Sirota <[email protected]> wrote:
>
>> 1 - It is up to you to install and configure Snort however you want.
>> Metron simply consumes the Snort telemetry, but is not opinionated about
>> how you set up your sensors. I would recommend starting with the community
>> rule set: https://www.snort.org/faq/what-are-community-rules
>>
>> 2 - Again, this is outside of scope of Metron. You can view this video to
>> get you started: https://www.youtube.com/watch?v=RUmYojxy3Xw
>>
>> 3 - Metron is not a network mapping tool (although support for graph
>> databases is not too far in the future). Today, the best way to generate a
>> network map (graph) is by using Kibana. I would refer you to the following
>> article: https://www.elastic.co/products/x-pack/graph
>>
>> 4 - The Snort generated data would be indexed in Elasticsearch and/or
>> stored on HDFS, depending on how you configured the system.
>>
>> Thanks,
>> James
>>
>>
>> 04.10.2017, 03:23, "Syed Hammad Tahir" <[email protected]>:
>>
>> Hi all,
>>
>> Now that I have installed metron (single node installation on ubuntu
>> machine), I want to do some initial testing on snort data. I have a few
>> questions regarding this:
>>
>> 1- In how many configurations can I use snort with metron (for ex packet
>> capture in sniffing mode etc)?
>>
>> 2- How can I change the rules in snort?
>>
>> 3- Can I map the network using metron?
>>
>> 4- Is snort generated data stored somewhere?
>>
>> Kindly also give me some tutorial to follow for better understanding.
>> Regards.
>>
>>
>>
>>
>> -------------------
>> Thank you,
>>
>> James Sirota
>> PPMC- Apache Metron (Incubating)
>> jsirota AT apache DOT org
>>
>>
>
