[Oisf-users] Response to -> OPNids - Any thoughts? thread

Nelson, Cooper cnelson at ucsd.edu
Fri May 31 21:34:56 UTC 2019

Hi Ray,

Apologies for the delay, I'm recovering from a chronic health issue and have been meaning to send you a response.

First of all, this is *exactly* what I've been looking for for some time; I was even working on something similar on Linux and hoping to have something to present at the last SuriCon. Unfortunately some high-profile engagements got in the way of that.

Anyway, I'm very eager to try your stuff out and have a very specific technical question that I've been struggling with on the Linux side of things. I'll reach out off-list to discuss.

Please keep us updated, this is a very exciting project for my particular research interests.


From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> On Behalf Of Ray Schneider
Sent: Friday, March 29, 2019 6:12 AM
To: oisf-users at lists.openinfosecfoundation.org
Subject: [Oisf-users] Response to -> OPNids - Any thoughts? thread

Hello OISF-Users,

This post is a response from the OPNids team to the thread referenced in the subject line.

First, we would like to thank everyone and anyone on this list that has expressed an interest in OPNids and downloaded it to give it a try and experiment with the DragonFly Machine Learning Engine that is included in the OPNids install. They are separate open source projects available at the links included at the bottom of the message.

The project would like to clear up what appears to be a misunderstanding. The DragonFly-MLE is included in the OPNids images that are currently available at the mirrors of the project. It does not however run in a container inside those images since they are FreeBSD based living on top of the OPNsense ecosystem.

The MLE is not enabled by default; this must be done post-install via the web GUI. This is because the project decided that the end user should enable it if it is desired, since you need to write/configure analyzers for it in order to get any value. The first release of OPNids had a goal of enablement, meaning we wanted to enable the community to write analyzers and, using the DragonFly Machine Learning Engine on the system, perform machine learning activities in coordination with Suricata (also included in OPNids).

We are planning a new release in the coming weeks (with many more provided image options beyond the 2 available today). There are a lot of updates coming. I hope you all will join us and provide constructive feedback and participation if you are so inclined. We are still a new project, although much of what we are stands on the shoulders of the Suricata project and the OPNsense project to be sure.

Thanks for reading this long response. We hope it clears up some of the confusion.

The OPNids Project

OPNids on GitHub: <https://github.com/opnids>

DragonFly MLE (counterflow-ai/dragonfly-mle): Streaming Machine Learning Engine (MLE) for Network Threat Detection: <https://github.com/counterflow-ai/dragonfly-mle>
