metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Casey Stella <ceste...@gmail.com>
Subject Re: [DISCUSS] Entity Profiler
Date Fri, 05 Aug 2016 12:58:45 GMT
I don't think the attachment came through, Nick.  Can you post the PDF on
the JIRA?

On Wed, Aug 3, 2016 at 4:22 PM, Nick Allen <nick@nickallen.org> wrote:

> I have been thinking through the implementation of something that I am
> calling the "Entity Profiler."  The idea/concept was passed on to me by
> James Sirota and I think it would be very useful as a part of Metron.
>
> I have a draft design that I would love to get feedback on.  Please see
> the attached PDF.  If anything is not clear, please let me know.
>
> *The Entity Profiler is a feature extraction mechanism that can capture a
> Profile that describes any Entity on a network.  The Entity might be a
> server, user, subnet or application.  The Profile itself is simply a time
> series of numeric values.  *
>
>
>
> *The Entity Profiler will enable feature extraction using sliding windows
> over streaming telemetry data.  The Entity Profiler will enable a summary
> statistic to be applied to raw data over a given time horizon.  Collecting
> these values across many time horizons results in a time series that is
> useful for analysis.*
>
>
>
> Hopefully that is enough of a tease to gain your interest.
>
> Thanks
>
>
>
> --
> Nick Allen <nick@nickallen.org>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message