Sai Peddy created METRON-332:
--------------------------------

             Summary: Create Radware Parser
                 Key: METRON-332
                 URL: https://issues.apache.org/jira/browse/METRON-332
             Project: Metron
          Issue Type: New Feature
            Reporter: Sai Peddy
            Priority: Minor


I would like to create a parser for the radware parser


<180>DefensePro: 21-03-2016 21:55:05 WARNING 432 Anti-Scanning "TCP Scan 
(horizontal)" TCP 342.423.343.342 0 0.0.0.0 8080 0 Regular "Catch All" ongoing 
2 0 N/A 0 N/A medium drop AAAAAAAA-AAAA-AAAA-AD8B-0004555104DD

{code:none}{"priority": "180", "timestamp": "March 21st, 2016 21:55:05", 
"severity": "WARNING", "radware_id": "423", "category": "Anti-Scanning", 
"event_name": "TCP Scan (horizontal)", "protocol": "TCP", "ip_src_addr": 
"342.423.343.342", "ip_src_port": "0", "ip_dst_adr": "0.0.0.0", "ip_dst_port": 
"8080", "physical_port": "0", "context": "Regular", "policy_name": "Catch All", 
"event_type": "ongoing", "packet_count": "2", "packet_bandwidth": "0", 
"vlan_tag": "N/A", "mpls_rd": "0", "mpls_tag": "N/A", "risk": "medium", 
"action": "drop", "unique_id": "AAAAAAAA-AAAA-AAAA-AD8B-0004555104DD"}{code}

<180>DefensePro: 15-04-2016 16:01:43 WARNING 234 DNS-Protection "DNS flood IPv4 
DNS-PTR" UDP 123.345.675.123 12344 123.45.123.123 23 12 Regular 
"NS13_123.43.123.1321" sampled 1 97 N/A 0 N/A high forward 
AAAAAAAA-AAAA-AAAA-41DE-000154E73380

{code:none}{"priority": "180", "timestamp": "April 15st, 2016 16:01:43", 
"severity": "WARNING", "radware_id": "234", "category": "DNS-Protection", 
"event_name": "DNS flood IPv4 DNS-PTR", "protocol": "UDP", "ip_src_addr": 
"123.345.675.123", "ip_src_port": "12344", "ip_dst_adr": "123.45.123.123", 
"ip_dst_port": "23", "physical_port": "12", "context": "Regular", 
"policy_name": "NS13_123.43.123.1321", "event_type": "sampled", "packet_count": 
"1", "packet_bandwidth": "97", "vlan_tag": "N/A", "mpls_rd": "0", "mpls_tag": 
"N/A", "risk": "high", "action": "forward", "unique_id": 
"AAAAAAAA-AAAA-AAAA-41DE-000154E73380"}{code}


<180>DefensePro: 15-04-2016 15:59:35 WARNING 234 DNS-Protection "DNS flood IPv4 
DNS-PTR" UDP 34.423.12.1 12345 093.54.12.432 12 4 N/A "NS12_9838.23.21.1132" 
sampled 1 97 N/A 0 N/A high challenge AAAAAAAA-AAAA-AAAA-FE8C-000855066197

{code:none}{"priority": "180", "timestamp": "April 15st, 2016 15:59:35", 
"severity": "WARNING", "radware_id": "234", "category": "DNS-Protection", 
"event_name": "DNS flood IPv4 DNS-PTR", "protocol": "UDP", "ip_src_addr": 
"34.423.12.1", "ip_src_port": "12345", "ip_dst_adr": "093.54.12.432", 
"ip_dst_port": "12", "physical_port": "4", "context": "N/A", "policy_name": 
"NS12_9838.23.21.1132", "event_type": "sampled", "packet_count": "1", 
"packet_bandwidth": "97", "vlan_tag": "N/A", "mpls_rd": "0", "mpls_tag": "N/A", 
"risk": "high", "action": "challenge", "unique_id": 
"AAAAAAAA-AAAA-AAAA-FE8C-000855066197"}{code}


<180>DefensePro: 15-04-2016 17:00:43 WARNING 123 Anti-Scanning "UDP Scan 
(horizontal)" UDP 890.301.3.103 0 0.0.0.0 283 0 Regular "Catch All" ongoing 0 0 
N/A 0 N/A medium drop AAAAAAAA-AAAA-AAAA-3CFF-000554EB39F6

{code:none}{"priority": "180", "timestamp": "April 15st, 2016 17:00:43", 
"severity": "WARNING", "radware_id": "123", "category": "Anti-Scanning", 
"event_name": "UDP Scan (horizontal)", "protocol": "UDP", "ip_src_addr": 
"890.301.3.103", "ip_src_port": "0", "ip_dst_adr": "0.0.0.0", "ip_dst_port": 
"283", "physical_port": "0", "context": "Regular", "policy_name": "Catch All", 
"event_type": "ongoing", "packet_count": "0", "packet_bandwidth": "0", 
"vlan_tag": "N/A", "mpls_rd": "0", "mpls_tag": "N/A", "risk": "medium", 
"action": "drop", "unique_id": "AAAAAAAA-AAAA-AAAA-3CFF-000554EB39F6"}{code}






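One way to turn the DefensePro lines above into the listed fields, as an added example that is not part of the issue or of Metron's code base. The function name `parse_defensepro`, the field-order list and the ISO 8601 timestamp output are assumptions of this sketch; the key names are the ones used in the issue's JSON.

```python
import re
import shlex
from datetime import datetime

# Field order after the timestamp, using the key names from the issue's JSON
# (including its "ip_dst_adr" spelling).
FIELDS = [
    "severity", "radware_id", "category", "event_name", "protocol",
    "ip_src_addr", "ip_src_port", "ip_dst_adr", "ip_dst_port",
    "physical_port", "context", "policy_name", "event_type",
    "packet_count", "packet_bandwidth", "vlan_tag", "mpls_rd", "mpls_tag",
    "risk", "action", "unique_id",
]
HEADER = re.compile(
    r"^<(?P<priority>\d{1,3})>DefensePro: "
    r"(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) (?P<rest>.+)$"
)

def parse_defensepro(line: str) -> dict:
    """Parse one DefensePro syslog event; raise ValueError if it is malformed."""
    # Collapse whitespace so a line wrapped by a mail client is rejoined.
    m = HEADER.match(" ".join(line.split()))
    if m is None:
        raise ValueError("not a DefensePro event header")
    # shlex keeps a "quoted value" as one token and raises ValueError on an
    # unbalanced quote, so truncated events are rejected rather than shifted.
    tokens = shlex.split(m["rest"])
    if len(tokens) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(tokens)}")
    event = {"priority": m["priority"]}
    # Assumption: emit ISO 8601 rather than the issue's "March 21st, 2016" form.
    event["timestamp"] = datetime.strptime(m["ts"], "%d-%m-%Y %H:%M:%S").isoformat()
    event.update(zip(FIELDS, tokens))
    return event

# First sample line from the issue. Its addresses are sanitized and are not
# valid IPv4, so this sketch does not validate them.
SAMPLE = (
    '<180>DefensePro: 21-03-2016 21:55:05 WARNING 432 Anti-Scanning "TCP Scan '
    '(horizontal)" TCP 342.423.343.342 0 0.0.0.0 8080 0 Regular "Catch All" '
    "ongoing 2 0 N/A 0 N/A medium drop AAAAAAAA-AAAA-AAAA-AD8B-0004555104DD"
)

if __name__ == "__main__":
    print(parse_defensepro(SAMPLE))
```

Every value stays a string, as in the issue's JSON; a field-count mismatch is treated as a parse failure so that a missing column cannot silently move `action` or `risk` into the wrong key.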