In order to test the accuracy of IPFIX-RITA + YAF vs RITA + Bro IDS, we need a way to difference RITA conn collections. Currently, MongoDiff supports differencing entire databases. Unfortunately, there are fields that are left blank by IPFIX-RITA + YAF that are filled in by RITA + Bro IDS. The MongoDiff script will flag these as differences. The MongoDiff script should be adapted to our use case in order to ignore these differences.
Zalgo2462
commented
6 years ago
In order to test the accuracy of IPFIX-RITA + YAF vs RITA + Bro IDS, we need a way to difference RITA conn collections. Currently, MongoDiff supports differencing entire databases. Unfortunately, there are fields that are left blank by IPFIX-RITA + YAF that are filled in by RITA + Bro IDS. The MongoDiff script will flag these as differences. The MongoDiff script should be adapted to our use case in order to ignore these differences.