metron-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "FeiChen" <>
Subject 答复: Re:Re: where 's the ML module
Date Tue, 05 Jul 2016 16:11:05 GMT
It is very useful  to me,  i am looking for it . 


Thanks a lot




发件人: []
代表 Nick Allen
发送时间: 2016年7月5日 23:26
主题: Re: Re:Re: where 's the ML module


We currently have a CLI (command line interface) for extracting raw network packets out of
HDFS and producing a libpcap-compliant file that can be opened in tools like Wireshark.  This
was part of METRON-235 [1], work completed by @mmiklavcic.  I am not sure if we have better
documentation than what is linked to in the JIRA or PR.




On Mon, Jul 4, 2016 at 11:05 PM, FeiChen <> wrote:

and another question is that  how to run the PCAP Topology so that  i can use the search function
in the  PCAP panel . i have tried run the pcap topology that it could save the pcap file in
hdfs and hbse  and generate the 

pcap index in ES, but it could't work well in  seach pcap function. !


At 2016-07-05 10:09:43, "FeiChen" <> wrote:


pleasure to do it   <>

 and now  i am planing to complete  the model of “attack scene reconstruction”  in cyber
security area by using storm topology or MR framework. but i am not  have an clear  idea 
about which one should be  used !  and  i am confused about it. so, i want to take a reference
from the project "metron.incubator" to learn how to do this.

i have read the links you put, and is it means that in "OpenSOC" project we have not implemented
the ML-module yet or other ?


Thanks for your help !

Best Regards




At 2016-07-05 04:35:14, "James Sirota" <> wrote:
>Hi. We are going through the design right now.  You can participate in the design by leaving
a comment on the following Jira.
>04.07.2016, 01:45, "FeiChen" <>:
>>     Hi
>>             i  had studied a long time about opensoc  project in recent days, now
i know that the opensoc project have moved to “metron.incubator” ,  i what to know something
about ML-module in "metron.incubator " which it appered in "opensoc" project.
>> someone can help me ?
>Thank you,
>James Sirota
>PPMC- Apache Metron (Incubating)
>jsirota AT apache DOT org







Nick Allen <>

View raw message