You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@metron.apache.org by FeiChen <c_...@163.com> on 2016/07/04 08:45:04 UTC

where 's the ML module

    Hi
            i  had studied a long time about opensoc  project in recent days, now i know that the opensoc project have moved to “metron.incubator” ,  i what to know something about ML-module in "metron.incubator " which it appered in "opensoc" project. 
someone can help me ?

答复: Re:Re: where 's the ML module

Posted by FeiChen <c_...@163.com>.
It is very useful  to me,  i am looking for it . 

 

Thanks a lot

 

JJ

 

发件人: user-return-66-c_chenfei=163.com@metron.incubator.apache.org [mailto:user-return-66-c_chenfei=163.com@metron.incubator.apache.org] 代表 Nick Allen
发送时间: 2016年7月5日 23:26
收件人: user@metron.incubator.apache.org
主题: Re: Re:Re: where 's the ML module

 

We currently have a CLI (command line interface) for extracting raw network packets out of HDFS and producing a libpcap-compliant file that can be opened in tools like Wireshark.  This was part of METRON-235 [1], work completed by @mmiklavcic.  I am not sure if we have better documentation than what is linked to in the JIRA or PR.

 

[1] https://issues.apache.org/jira/browse/METRON-235

 

On Mon, Jul 4, 2016 at 11:05 PM, FeiChen <c_...@163.com> wrote:





and another question is that  how to run the PCAP Topology so that  i can use the search function in the  PCAP panel . i have tried run the pcap topology that it could save the pcap file in hdfs and hbse  and generate the 

pcap index in ES, but it could't work well in  seach pcap function. !

 


At 2016-07-05 10:09:43, "FeiChen" <c_...@163.com> wrote:

 

pleasure to do it   <http://mimg.163.com/jy3style/lib/htmlEditor/portrait/face/preview/face0.gif> 

 and now  i am planing to complete  the model of “attack scene reconstruction”  in cyber security area by using storm topology or MR framework. but i am not  have an clear  idea  about which one should be  used !  and  i am confused about it. so, i want to take a reference from the project "metron.incubator" to learn how to do this.

i have read the links you put, and is it means that in "OpenSOC" project we have not implemented the ML-module yet or other ?

 

Thanks for your help !

Best Regards

 

 

 


At 2016-07-05 04:35:14, "James Sirota" <js...@apache.org> wrote:
>Hi. We are going through the design right now.  You can participate in the design by leaving a comment on the following Jira.  https://issues.apache.org/jira/browse/METRON-265
> 
>04.07.2016, 01:45, "FeiChen" <c_...@163.com>:
>>     Hi
>>             i  had studied a long time about opensoc  project in recent days, now i know that the opensoc project have moved to “metron.incubator” ,  i what to know something about ML-module in "metron.incubator " which it appered in "opensoc" project.
>> someone can help me ?
> 
>------------------- 
>Thank you,
> 
>James Sirota
>PPMC- Apache Metron (Incubating)
>jsirota AT apache DOT org

 

 

 

 





 

-- 

Nick Allen <ni...@nickallen.org>

Re: Re:Re: where 's the ML module

Posted by Nick Allen <ni...@nickallen.org>.
We currently have a CLI (command line interface) for extracting raw network
packets out of HDFS and producing a libpcap-compliant file that can be
opened in tools like Wireshark.  This was part of METRON-235 [1], work
completed by @mmiklavcic.  I am not sure if we have better documentation
than what is linked to in the JIRA or PR.

[1] https://issues.apache.org/jira/browse/METRON-235

On Mon, Jul 4, 2016 at 11:05 PM, FeiChen <c_...@163.com> wrote:

>
>
>
> and another question is that  how to run the PCAP Topology so that  i can
> use the search function in the  PCAP panel . i have tried run the pcap
> topology that it could save the pcap file in hdfs and hbse  and generate
> the
> pcap index in ES, but it could't work well in  seach pcap function. !
>
>
> At 2016-07-05 10:09:43, "FeiChen" <c_...@163.com> wrote:
>
>
> pleasure to do it
>  and now  i am planing to complete  the model of “attack scene
> reconstruction”  in cyber security area by using storm topology or MR
> framework. but i am not  have an clear  idea  about which one should be
>  used !  and  i am confused about it. so, i want to take a reference from
> the project "metron.incubator" to learn how to do this.
> i have read the links you put, and is it means that in "OpenSOC" project
> we have not implemented the ML-module yet or other ?
>
> Thanks for your help !
> Best Regards
>
>
>
>
>
> At 2016-07-05 04:35:14, "James Sirota" <js...@apache.org> wrote:
> >Hi. We are going through the design right now.  You can participate in the design by leaving a comment on the following Jira.  https://issues.apache.org/jira/browse/METRON-265
> >
> >04.07.2016, 01:45, "FeiChen" <c_...@163.com>:
> >>     Hi
> >>             i  had studied a long time about opensoc  project in recent days, now i know that the opensoc project have moved to “metron.incubator” ,  i what to know something about ML-module in "metron.incubator " which it appered in "opensoc" project.
> >> someone can help me ?
> >
> >-------------------
> >Thank you,
> >
> >James Sirota
> >PPMC- Apache Metron (Incubating)
> >jsirota AT apache DOT org
>
>
>
>
>
>
>
>
>



-- 
Nick Allen <ni...@nickallen.org>

Re:Re:Re: where 's the ML module

Posted by FeiChen <c_...@163.com>.



and another question is that  how to run the PCAP Topology so that  i can use the search function in the  PCAP panel . i have tried run the pcap topology that it could save the pcap file in hdfs and hbse  and generate the 
pcap index in ES, but it could't work well in  seach pcap function. !



At 2016-07-05 10:09:43, "FeiChen" <c_...@163.com> wrote:



pleasure to do it 
 and now  i am planing to complete  the model of “attack scene reconstruction”  in cyber security area by using storm topology or MR framework. but i am not  have an clear  idea  about which one should be  used !  and  i am confused about it. so, i want to take a reference from the project "metron.incubator" to learn how to do this.
i have read the links you put, and is it means that in "OpenSOC" project we have not implemented the ML-module yet or other ?


Thanks for your help !
Best Regards








At 2016-07-05 04:35:14, "James Sirota" <js...@apache.org> wrote:
>Hi. We are going through the design right now.  You can participate in the design by leaving a comment on the following Jira.  https://issues.apache.org/jira/browse/METRON-265
>
>04.07.2016, 01:45, "FeiChen" <c_...@163.com>:
>>     Hi
>>             i  had studied a long time about opensoc  project in recent days, now i know that the opensoc project have moved to “metron.incubator” ,  i what to know something about ML-module in "metron.incubator " which it appered in "opensoc" project.
>> someone can help me ?
>
>------------------- 
>Thank you,
>
>James Sirota
>PPMC- Apache Metron (Incubating)
>jsirota AT apache DOT org

Re:Re: where 's the ML module

Posted by FeiChen <c_...@163.com>.

pleasure to do it 
 and now  i am planing to complete  the model of “attack scene reconstruction”  in cyber security area by using storm topology or MR framework. but i am not  have an clear  idea  about which one should be  used !  and  i am confused about it. so, i want to take a reference from the project "metron.incubator" to learn how to do this.
i have read the links you put, and is it means that in "OpenSOC" project we have not implemented the ML-module yet or other ?


Thanks for your help !
Best Regards








At 2016-07-05 04:35:14, "James Sirota" <js...@apache.org> wrote:
>Hi. We are going through the design right now.  You can participate in the design by leaving a comment on the following Jira.  https://issues.apache.org/jira/browse/METRON-265
>
>04.07.2016, 01:45, "FeiChen" <c_...@163.com>:
>>     Hi
>>             i  had studied a long time about opensoc  project in recent days, now i know that the opensoc project have moved to “metron.incubator” ,  i what to know something about ML-module in "metron.incubator " which it appered in "opensoc" project.
>> someone can help me ?
>
>------------------- 
>Thank you,
>
>James Sirota
>PPMC- Apache Metron (Incubating)
>jsirota AT apache DOT org

Re: where 's the ML module

Posted by James Sirota <js...@apache.org>.
Hi. We are going through the design right now.  You can participate in the design by leaving a comment on the following Jira.  https://issues.apache.org/jira/browse/METRON-265

04.07.2016, 01:45, "FeiChen" <c_...@163.com>:
> � � Hi
> � � � � � � i �had studied a long time about opensoc �project in recent days, now i know that the opensoc project have moved to \u201cmetron.incubator\u201d , �i what to know something about ML-module in "metron.incubator " which it appered in "opensoc" project.
> someone can help me ?

-------------------�
Thank you,

James Sirota
PPMC- Apache Metron (Incubating)
jsirota AT apache DOT org