Yes, you can use Snort. Metron can consume Snort telemetries out of the box. You have to set up Snort on your own and push the output into a Kafka topic (most likely using NiFi). From there on you can use the output of Snort in Metron.
10.10.2017, 00:48, "Syed Hammad Tahir" <mscs16...@itu.edu.pk>:
Hi,
Can I use Snort in packet capture mode with Metron? By default it works in IDS mode only.
Regards.
-------------------
Thank you,
James Sirota
PMC- Apache Metron
jsirota AT apache DOT org