Posted to dev@metron.apache.org by Andre <an...@fucs.org> on 2016/08/16 22:11:31 UTC

Metron enrichment

Hi there,

I have been watching the project for a while and was wondering if you would be
able to share what is the main motivation / rationale for having the basic
enrichment activities (whois, geoip) within Metron itself?

Couldn't that be also served at the edge during the telemetry collection?
(especially now that you are moving to a closer integration with NiFi)

Is it so that you can enrich both logs and pcaps, while telemetry would be
mostly able to process logs or certain data artifacts?

I thank you in advance