metron-dev mailing list archives

From Carolyn Duby <>
Subject Re: Metron correlation capabilities
Date Thu, 06 Oct 2016 12:40:37 GMT
Thanks James.

On 10/5/16, 6:13 PM, "James Sirota" <> wrote:

>Hi Carolyn,
>The correlation capabilities are done via ES queries and are visualized in Kibana.  Metron's
>Stellar transformation, enrichment, and threat intel correlation capabilities allow you to
>pull up all relevant data and context for all telemetries ingested with a single query.  Metron's
>PCAP services then allow you to tie it in with the underlying packet capture.
>With respect to ML analytics, Metron has Model as a Service that allows the creation of
>standalone models, ensembles of models, or chaining of multiple models and provides model
>provisioning, discovery, and scoring.  If your customer has pre-existing analytics packs they
>wish to run on top of Metron, please refer them to the boards and we will help them get the
>models to run on MaaS.
>05.10.2016, 14:41, "Carolyn Duby" <>:
>> Does Metron have any correlation capabilities that we can demonstrate now?
>> Are any analytics packs ready to show?
>> We have a customer asking about these capabilities.
>> Thanks
>> Carolyn
>Thank you,
>James Sirota
>PPMC- Apache Metron (Incubating)
>jsirota AT apache DOT org