Snort is one of the more popular Network Intrusion Prevention Systems (NIPS) available today. Snort monitors network traffic and produces alerts based on signatures from community rules. Metron replays the output of the packet capture probe to Snort; whenever a Snort alert is triggered, Metron uses Apache Flume to pipe that alert to a Kafka topic. Once Snort alerts land in the Kafka topic, they are picked up by the parsing topology.
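One way to wire the Flume leg of that pipeline (Snort alert file to Kafka topic), as an added example rather than Metron's own configuration; the agent name, alert file path, topic name and broker address are assumptions:

```properties
# Added example: one Flume agent that tails Snort's alert file and publishes
# each line to a Kafka topic for the parsing topology to consume.
# Agent name, file path, topic and broker address are assumptions, not Metron defaults.
snort_agent.sources = snort_alerts
snort_agent.channels = mem_channel
snort_agent.sinks = kafka_sink

# Source: follow the Snort alert file (assumed path) as Snort appends to it
snort_agent.sources.snort_alerts.type = exec
snort_agent.sources.snort_alerts.command = tail -F /var/log/snort/alert
snort_agent.sources.snort_alerts.channels = mem_channel

# Channel: in-memory buffer between source and sink
snort_agent.channels.mem_channel.type = memory
snort_agent.channels.mem_channel.capacity = 10000
snort_agent.channels.mem_channel.transactionCapacity = 1000

# Sink: Kafka producer writing to the topic the parsing topology reads
snort_agent.sinks.kafka_sink.type = org.apache.flume.sink.kafka.KafkaSink
snort_agent.sinks.kafka_sink.kafka.topic = snort
snort_agent.sinks.kafka_sink.kafka.bootstrap.servers = kafka-broker:9092
snort_agent.sinks.kafka_sink.kafka.producer.acks = 1
snort_agent.sinks.kafka_sink.channel = mem_channel
```

Run it with `flume-ng agent -n snort_agent -f snort-kafka.properties`. The exec source gives no delivery guarantee if the agent restarts mid-stream; where losing alerts matters, Flume's TAILDIR source, which records its file position, is the safer choice.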

See related components:

Parsing Topology
