I've seen traffic come through about multiple efforts for writing the AD parser 
for Metron.  I'd like to consolidate these efforts so that we can come up with 
a generic parser that is suitable for everyone's needs and that we don't 
duplicate effort.  Please post to this thread if you are working on or are in need 
of the AD parser.  We can then throw a working group together and get the 
parser written and tested with everyone's telemetry.  Also, please indicate if 
you are able to provide sample (anonymized) logs.  If you are getting these 
logs from your corporate environment please check with your security office 
first prior to posting them.  

------------------- 
Thank you,

James Sirota
PPMC- Apache Metron (Incubating)
jsirota AT apache DOT org
