[Oisf-users] OPNids - Any thoughts?

[Nelson, Cooper]

And it uses docker, even better!

From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> On Behalf Of Nelson, Cooper
Sent: Tuesday, March 26, 2019 2:00 PM
To: fatema bannatwala <fatema.bannatwala at gmail.com>
Cc: Open Information Security Foundation <oisf-users at lists.openinfosecfoundation.org>
Subject: Re: [Oisf-users] OPNids - Any thoughts?

Ok this is actually great news for me as I already have a mature sensor deployment, so it’s much easier for me to drop another open source product on top of it.  I’ll check it out and see how it works.

-Coop

From: fatema bannatwala <fatema.bannatwala at gmail.com<mailto:fatema.bannatwala at gmail.com>>
Sent: Tuesday, March 26, 2019 12:57 PM
To: Nelson, Cooper <cnelson at ucsd.edu<mailto:cnelson at ucsd.edu>>
Cc: Open Information Security Foundation <oisf-users at lists.openinfosecfoundation.org<mailto:oisf-users at lists.openinfosecfoundation.org>>
Subject: Re: [Oisf-users] OPNids - Any thoughts?

Hi Coop,

Thanks for the input.
Yeah, I have been playing around with it in a VM only on my desktop.
My only disappointment was the MLE part of it. It is not what is advertise in OPNids project, it is basically just Suricata on an iso with couple other services, as I mentioned earlier.
They are using DragonFly MLE which in itself is an open source project which can be anyways integrated to any NSM that produces json logs. And OPNids DOES NOT include it.
MLE has to be downladed and installed manually on that iso, which forfeits the purpose.

We had migrated from using snort to suricata in production last year, and have been using it fine.
Just wanted to experiment with the Machine Learning with Suricata alerts.

Thanks,
Fatema.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190326/68bf1ac3/attachment.html>