Cool. I can work on it in my spare time. Additional log files would be 
incredibly useful, or else this parser will be very specific to our use case – 
which is unlikely to be particularly useful to the larger population.

Keren

On 10/5/16, 9:53 AM, "Nick Allen" <[email protected]> wrote:

    That would be great, Keren.  Let us know what you need to make that happen.
    
    I think it would also be useful, if we could get anonymized test data from
    multiple organizations using Active Directory.  That will help us ensure
    that the AD parser is broadly useful and not specific to one organization's
    AD installation.  If anyone else has AD logs that they could anonymize and
    contribute, please chime in!
    
    On Wed, Oct 5, 2016 at 9:39 AM, Tseytlin, Keren <
    [email protected]> wrote:
    
    > Hi All,
    >
    > We have an active directory parser that is currently in production. We
    > would be happy to contribute it and work with whoever to make it generic ☺
    >
    > Best,
    > Keren
    >
    > On 10/3/16, 5:58 PM, "[email protected]" <[email protected]> wrote:
    >
    >     +1 in need of.  No current effort because it is not our primary kerb
    >     realm, but we could use it.
    >
    >     On Mon, Oct 3, 2016, 17:18 James Sirota <[email protected]> wrote:
    >
    >     > I've seen traffic come through about multiple efforts for writing the AD
    >     > parser for Metron.  I'd like to consolidate these efforts so that we can
    >     > come up with a generic parser that is suitable for everyone's needs and
    >     > that we don't duplicate effort.  Please post to this thread if you are
    >     > working or are in need of the AD parser.  We can then throw a working group
    >     > together and get the parser written and tested with everyone's telemetry.
    >     > Also, please indicate if you are able to provide sample (anonymized) logs.
    >     > If you are getting these logs from your corporate environment please check
    >     > with your security office first prior to posting them.
    >     >
    >     > -------------------
    >     > Thank you,
    >     >
    >     > James Sirota
    >     > PPMC- Apache Metron (Incubating)
    >     > jsirota AT apache DOT org
    >     >
    >     --
    >
    >     Jon
    >
    >
    > ________________________________________________________
    >
    > The information contained in this e-mail is confidential and/or
    > proprietary to Capital One and/or its affiliates and may only be used
    > solely in performance of work or services for Capital One. The information
    > transmitted herewith is intended only for use by the individual or entity
    > to which it is addressed. If the reader of this message is not the intended
    > recipient, you are hereby notified that any review, retransmission,
    > dissemination, distribution, copying or other use of, or taking of any
    > action in reliance upon this information is strictly prohibited. If you
    > have received this communication in error, please contact the sender and
    > delete the material from your computer.
    >
    
    
    
    -- 
    Nick Allen <[email protected]>
    
