Hello,

Just wondering if Metron has a feature to email alerts based on rules that a user defines.

Example:
Rule A: Email the user 1...@1.com whenever ip_src_addr=100.2.10.*
Rule B: Email the user 1...@1.com whenever payload contains "critical"

If not, does anyone have any recommendations on where to code these rules in the Metron stack that uses attributes from the GROK parser?

-Ahmed
_______________________________________________________________
Ahmed Shah (PMP, M. Eng.)
Cybersecurity Analyst & Developer
GCR - Cybersecurity Operations Center
Carleton University - cugcr.com<https://cugcr.com/tiki/lce/index.php>