nesg-ugr / msnm-sensor

GNU General Public License v3.0

Custom Calibration #4

Closed daffi1238 closed 2 years ago

daffi1238 commented 3 years ago

Hi everybody, I'm opening a new issue about custom calibration.

I saw that the project uses "random" calibration by default, using a 300x112 matrix (or something like that), and in the YAML configuration file we have the option to use a CSV file for the first calibration. The doubt I started to have is whether, after a dynamic calibration, we could generate a CSV as well and save it (for example) in data/calibration to have a checkpoint of the calibration, so that we only have to wait for 1, 2, 3, etc. dynamic calibrations the first time and can reuse that for the next experiments.

What would you recommend doing about this? I guess that I could take the nfcapd files from data/sources/local/netflow, apply fcparser to them in a loop and save the output in a CSV, but maybe you have a better way.

Thank you and have a great day!

robertomagan commented 2 years ago

Hi Jesús!

This is thought to use a custom calibration matrix previously gathered from the same network scenario/environment where you plan to deploy the sensor. Such a matrix should correspond to the normal behavior (calibration) of such an environment and, yes, it is the output of the fcparser, which is the food of the inner PCA model of the sensor. So the steps you have to reproduce to build a custom calibration matrix are the following:

1.) Gather the NetFlow traffic from the environment in the form of nfcapd files and then get the CSV from the output of the nfdump utility.

2.) Feed the fcparser with the previous file. The output will be your custom calibration matrix.

I hope it helps you!

Best, Roberto.
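Step 1 of the procedure above, as an added example that is not part of the original thread or the project's own code: a shell function that converts every rotated nfcapd file in a directory to CSV with `nfdump -r <file> -o csv`, skipping the file nfcapd is still writing. The function name, the `NFDUMP` override variable and the output directory are hypothetical; the fcparser invocation for step 2 is not shown because the thread does not give it.

```shell
#!/bin/sh
# Added example: batch-convert nfcapd captures to CSV as input for fcparser.
# NFDUMP can be overridden (hypothetical variable) to point at another binary.
NFDUMP="${NFDUMP:-nfdump}"

# nfcapd_to_csv SRC_DIR OUT_DIR
# Writes OUT_DIR/<capture>.csv for each rotated capture in SRC_DIR.
# Prints the number of CSV files written; returns 1 if none were written.
# Usage: nfcapd_to_csv data/sources/local/netflow /tmp/calibration_csv
nfcapd_to_csv() {
    src=$1
    out=$2
    count=0
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 2; }
    mkdir -p "$out" || return 2
    for f in "$src"/nfcapd.*; do
        [ -f "$f" ] || continue            # glob matched nothing
        case "${f##*/}" in
            nfcapd.current*) continue ;;   # in-progress file, not yet rotated
        esac
        csv="$out/${f##*/}.csv"
        if "$NFDUMP" -r "$f" -o csv > "$csv" && [ -s "$csv" ]; then
            count=$((count + 1))
        else
            # A failed or empty conversion must not end up in the calibration set.
            echo "skipping $f: nfdump failed or produced no output" >&2
            rm -f "$csv"
        fi
    done
    echo "$count"
    [ "$count" -gt 0 ]
}
```

Only captures taken during known-normal operation belong in the source directory, since the resulting matrix is what the sensor's PCA model treats as normal behavior.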

daffi1238 commented 2 years ago

Thanks a lot. I'm closing this now.