[Oisf-users] Response to -> OPNids - Any thoughts? thread

Ray Schneider rs at counterflowai.com
Fri Mar 29 13:12:26 UTC 2019

Hello OISF-Users,

This post is a response from the OPNids team to the thread referenced in the subject line.

First, we would like to thank everyone and anyone on this list that has expressed an interest in OPNids and downloaded it to give it a try and experiment with the DragonFly Machine Learning Engine that is included in the OPNids install. They are separate open source projects available at the links included at the bottom of the message.

The project would like to clear up what appears to be a misunderstanding. The DragonFly-MLE is included in the OPNids images that are currently available at the mirrors of the project. It does not, however, run in a container inside those images, since they are FreeBSD-based, living on top of the OPNsense ecosystem.

The MLE is not enabled by default; this must be done post-install via the web GUI. This is because the project had decided that the end user should enable it if it is desired, since you need to write/configure analyzers for it in order to get any value. The first release of OPNids had a goal of enablement, meaning we wanted to enable the community to write analyzers and, using the Dragonfly Machine Learning Engine on the system, perform machine learning activities in coordination with Suricata (also included in OPNids).

We are planning a new release in the coming weeks (with many more provided image options beyond the 2 available today). There are a lot of updates coming. I hope you all will join us and provide constructive feedback and participation if you are so inclined. We are still a new project, although much of what we are stands on the shoulders of the Suricata project and the OPNsense project to be sure.

Thanks for reading this long response. We hope it clears up some of the confusion.

The OPNids Project



OPNids · GitHub <https://github.com/opnids>
GitHub - counterflow-ai/dragonfly-mle: DragonFly: Streaming Machine Learning Engine (MLE) for Network Threat Detection <https://github.com/counterflow-ai/dragonfly-mle>