metron-user mailing list archives

From Matt Foley <>
Subject Re: [CALL FOR TEST DATA] Request help identifying public domain or opensource test data sets for Metron testing
Date Sat, 08 Oct 2016 01:05:08 GMT
Dima, that’s great!

Since you’re talking about a code contribution (or several :-), let’s move the discussion
over to the list, after this response.  Briefly, here’s
how you submit a contribution.

First the housekeeping:
1. If Sstech has not yet signed a Corporate CLA with Apache, please ask them to do so (instructions
2. If you, or a colleague who will submit the contributions, has not yet signed an Individual
CLA, please do so (instructions <>)

Since you’ve been successfully writing Metron parsers, you almost certainly have already
done the following, but I’ll mention them here for the sake of other readers:
3. If you’re not on the dev mailing list, please join it (instructions <>)
4. If you weren’t a registered user of Apache’s Jira, you would request to be added, but
I see you already are, so that’s good.
5. If you don’t yet have an account on, sign up for one (the free level is fine).
6. Set up a Metron Development Environment, and establish the ability to spin up a single-node
test environment (instructions <>)

To actually make the contribution, you follow the process shown in:

I’ll go into more detail in a direct email.
Thanks a lot for being interested in submitting these!


From: Dima Kovalyov <>
Sent: Friday, October 07, 2016 4:44 PM
To:; Satish Abburi
Subject: Re: [CALL FOR TEST DATA] Request help identifying public domain or opensource test data sets for Metron testing
Hello Matt,

We (Sstech team) currently have parsers and data generators for BlueCoat, Unix, MS Exchange,
MS Windows and we would gladly contribute them.

Can you please share the procedure for submitting these pieces?
Thank you.

- Dima

On 10/08/2016 01:49 AM, Matt Foley wrote:
> Hi all,
> Enhanced testing of Metron, especially performance testing, would be aided by having data sets of realistic size, that exercise one or more of the various parts of Metron:
> each Parser (bro, yaf, snort, squid, ...)
> each Enhancer (geo, user, assets, ...)
> each Threat Intel module (Soltra, HailATaxi, ...)
> Data sets must meet the following criteria:
> opensource or public domain
> suitably scrubbed, containing no Personally Identifiable Information
> unencumbered by company sensitivity, security, or IP concerns.
> They may take the form of raw PCAP streams, or they may be already parsed or otherwise
> If you know of opensource or public domain data sets of this kind, please respond with the URL, in this email thread or to the Jira ticket METRON-491 <>.
> If you have an appropriate data set that your company would be willing to contribute, please also respond and we will help in any way we can.
>
> Thanks,
> --Matt
