Edward Zhang created EAGLE-11:
---------------------------------
Summary: Eagle and Splunk Integration for security activity analysis
Key: EAGLE-11
URL: https://issues.apache.org/jira/browse/EAGLE-11
Project: Eagle
Issue Type: New Feature
Environment: production
Reporter: Edward Zhang
Eagle is a distributed and realtime security activity monitoring tool with
easy-to-use policy management. Splunk is an analysis tool for correlating events
and alerts from various data sources to identify security threats. Eagle and Splunk
can collaborate well in identifying potential security issues, in that
Eagle provides the 1st abstraction of security alerts by applying many policies and
Splunk provides the 2nd abstraction of security events by analyzing those security
alerts from Eagle.
Splunk provides a way to integrate external data sources by consuming syslog,
so Eagle needs to export alerts to a syslog server seamlessly.
We can batch import Eagle alerts, or even use the Kafka bus into which Eagle alerts are
generated.
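The export path described above (Eagle alert in, syslog line out to a Splunk syslog input) as an added example; this is not code from the Eagle project. The alert field names (`timestamp`, `policyId`, `site`, `dataSource`, `severity`, `user`, `alertMessage`), the hostname `eagle-host` and the target `splunk.example.internal:514` are assumptions, and the sample alert is constructed. The enterprise number 32473 in the structured-data id is the one IANA reserves for documentation.

```python
import socket
from datetime import datetime, timezone

# Constructed sample alert; the field names are an assumption, not Eagle's real schema.
SAMPLE_ALERT = {
    "timestamp": 1445932800000,            # epoch milliseconds
    "policyId": "hdfsSensitiveFileAccess",
    "site": "sandbox",
    "dataSource": "hdfsAuditLog",
    "severity": "HIGH",
    "user": "hdfs",
    "alertMessage": 'user hdfs read sensitive path "/tmp/private"',
}

FACILITY_LOCAL0 = 16
# RFC 5424 severity codes: 2 Critical, 3 Error, 4 Warning, 5 Notice.
SEVERITY_MAP = {"CRITICAL": 2, "HIGH": 3, "MEDIUM": 4, "LOW": 5}
SD_ID = "eagle@32473"  # 32473 is IANA's documentation-only enterprise number


def escape_sd_value(value):
    """Escape the three characters RFC 5424 forbids unescaped in a PARAM-VALUE."""
    return (
        str(value)
        .replace("\\", "\\\\")
        .replace('"', '\\"')
        .replace("]", "\\]")
    )


def to_rfc5424(alert, hostname="eagle-host", app_name="eagle"):
    """Render one Eagle alert dict as a single RFC 5424 syslog line."""
    severity = SEVERITY_MAP.get(alert.get("severity", "LOW"), 5)
    pri = FACILITY_LOCAL0 * 8 + severity
    ts = datetime.fromtimestamp(alert["timestamp"] / 1000, tz=timezone.utc)
    timestamp = ts.isoformat(timespec="milliseconds").replace("+00:00", "Z")
    msgid = alert.get("policyId", "-")
    # Structured data keeps the alert fields machine-readable for Splunk field extraction.
    params = " ".join(
        f'{key}="{escape_sd_value(alert[key])}"'
        for key in ("site", "dataSource", "user")
        if key in alert
    )
    structured = f"[{SD_ID} {params}]" if params else "-"
    # PROCID is "-" because the exporter does not expose a process id.
    return f"<{pri}>1 {timestamp} {hostname} {app_name} - {msgid} {structured} {alert['alertMessage']}"


def frame_octet_count(line):
    """RFC 6587 octet-counting framing for syslog over TCP: '<len> <line>'."""
    payload = line.encode("utf-8")
    return f"{len(payload)} ".encode("ascii") + payload


def send_syslog(line, host="splunk.example.internal", port=514):
    """Deliver one framed line over TCP; host/port are assumptions for the Splunk input."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(frame_octet_count(line))


if __name__ == "__main__":
    print(to_rfc5424(SAMPLE_ALERT))
```

Using TCP with octet-counting rather than UDP avoids silently dropped or truncated alerts; the alert fields ride in the structured-data block so Splunk can extract them without a custom regex.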
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)