Start Topologies and Send Data

The final step in setting up Model as a Service is to start the topologies and send some data to test the model.

  1. Start the sensor upon which the Model as a Service will run:
  2. Generate some legitimate data and some malicious data on the sensor.
    For example:
    #Legitimate example:
    #Malicious example:
  3. Send the data to Kafka:
    cat /var/log/squid/access.log | /usr/hdp/current/kafka-broker/bin/ --broker-list $KAFKA_HOST:6667 --topic squid
  4. Browse the data in Elasticsearch at http://$ELASTICSEARCH_HOST:9100/_plugin/head to verify that it contains the appropriate documents.
    For the current example, you would see the following:
    • One from which does not have is_alert set and does have is_malicious set to legit.
    • One from which does have is_alert set to true, is_malicious set to malicious, and threat:triage:level set to 100.
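
The check in step 4 can also be scripted. The following is an added example, not part of the original procedure or the product's own tooling: it validates the `_source` of each indexed document against the field combinations listed above. The sample documents, their `url` field and its placeholder values, and the function names are constructed assumptions.

```python
import json

# Constructed sample: the "_source" of two indexed squid documents, shaped like
# the result described in step 4. The "url" field and its values are placeholders.
SAMPLE_DOCS = json.loads("""
[
  {"url": "http://legit.example/", "is_malicious": "legit"},
  {"url": "http://malicious.example/", "is_malicious": "malicious",
   "is_alert": "true", "threat:triage:level": 100}
]
""")

def is_true(value):
    """is_alert may be indexed as a boolean or as the string "true"."""
    return value is True or str(value).lower() == "true"

def check_doc(doc):
    """Return the problems found in one document; an empty list means it matches step 4."""
    problems = []
    verdict = doc.get("is_malicious")
    level = doc.get("threat:triage:level")
    if verdict is None:
        problems.append("is_malicious missing: no model verdict on this document")
    elif verdict == "legit":
        if "is_alert" in doc:
            problems.append("legit document has is_alert set")
    elif verdict == "malicious":
        if not is_true(doc.get("is_alert")):
            problems.append("malicious document lacks is_alert=true")
        if str(level) not in ("100", "100.0"):
            problems.append("threat:triage:level is %r, expected 100" % (level,))
    else:
        problems.append("unexpected is_malicious value %r" % (verdict,))
    return problems

def check_docs(docs):
    """Map each failing document (by url, or by position) to its list of problems."""
    report = {}
    for i, doc in enumerate(docs):
        problems = check_doc(doc)
        if problems:
            report[doc.get("url", "doc #%d" % i)] = problems
    return report

if __name__ == "__main__":
    print(check_docs(SAMPLE_DOCS) or "all documents match the expected result")
```

A document that carries a malicious verdict but no alert or triage score indicates that the verdict was attached but the triage rules did not fire, which is the case worth catching before relying on the alerts.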