[ 
https://issues.apache.org/jira/browse/METRON-332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

David M. Lyle updated METRON-332:
---------------------------------
    Assignee:     (was: David M. Lyle)

> Create Radware Parser
> ---------------------
>
>                 Key: METRON-332
>                 URL: https://issues.apache.org/jira/browse/METRON-332
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: Sai Peddy
>            Priority: Minor
>
> I would like to create a parser for the Radware parser.
> <180>DefensePro: 21-03-2016 21:55:05 WARNING 432 Anti-Scanning "TCP Scan 
> (horizontal)" TCP 342.423.343.342 0 0.0.0.0 8080 0 Regular "Catch All" 
> ongoing 2 0 N/A 0 N/A medium drop AAAAAAAA-AAAA-AAAA-AD8B-0004555104DD
> {code:none}{"priority": "180", "timestamp": "March 21st, 2016 21:55:05", 
> "severity": "WARNING", "radware_id": "423", "category": "Anti-Scanning", 
> "event_name": "TCP Scan (horizontal)", "protocol": "TCP", "ip_src_addr": 
> "342.423.343.342", "ip_src_port": "0", "ip_dst_adr": "0.0.0.0", 
> "ip_dst_port": "8080", "physical_port": "0", "context": "Regular", 
> "policy_name": "Catch All", "event_type": "ongoing", "packet_count": "2", 
> "packet_bandwidth": "0", "vlan_tag": "N/A", "mpls_rd": "0", "mpls_tag": 
> "N/A", "risk": "medium", "action": "drop", "unique_id": 
> "AAAAAAAA-AAAA-AAAA-AD8B-0004555104DD"}{code}
> <180>DefensePro: 15-04-2016 16:01:43 WARNING 234 DNS-Protection "DNS flood 
> IPv4 DNS-PTR" UDP 123.345.675.123 12344 123.45.123.123 23 12 Regular 
> "NS13_123.43.123.1321" sampled 1 97 N/A 0 N/A high forward 
> AAAAAAAA-AAAA-AAAA-41DE-000154E73380
> {code:none}{"priority": "180", "timestamp": "April 15st, 2016 16:01:43", 
> "severity": "WARNING", "radware_id": "234", "category": "DNS-Protection", 
> "event_name": "DNS flood IPv4 DNS-PTR", "protocol": "UDP", "ip_src_addr": 
> "123.345.675.123", "ip_src_port": "12344", "ip_dst_adr": "123.45.123.123", 
> "ip_dst_port": "23", "physical_port": "12", "context": "Regular", 
> "policy_name": "NS13_123.43.123.1321", "event_type": "sampled", 
> "packet_count": "1", "packet_bandwidth": "97", "vlan_tag": "N/A", "mpls_rd": 
> "0", "mpls_tag": "N/A", "risk": "high", "action": "forward", "unique_id": 
> "AAAAAAAA-AAAA-AAAA-41DE-000154E73380"}{code}
> <180>DefensePro: 15-04-2016 15:59:35 WARNING 234 DNS-Protection "DNS flood 
> IPv4 DNS-PTR" UDP 34.423.12.1 12345 093.54.12.432 12 4 N/A 
> "NS12_9838.23.21.1132" sampled 1 97 N/A 0 N/A high challenge 
> AAAAAAAA-AAAA-AAAA-FE8C-000855066197
> {code:none}{"priority": "180", "timestamp": "April 15st, 2016 15:59:35", 
> "severity": "WARNING", "radware_id": "234", "category": "DNS-Protection", 
> "event_name": "DNS flood IPv4 DNS-PTR", "protocol": "UDP", "ip_src_addr": 
> "34.423.12.1", "ip_src_port": "12345", "ip_dst_adr": "093.54.12.432", 
> "ip_dst_port": "12", "physical_port": "4", "context": "N/A", "policy_name": 
> "NS12_9838.23.21.1132", "event_type": "sampled", "packet_count": "1", 
> "packet_bandwidth": "97", "vlan_tag": "N/A", "mpls_rd": "0", "mpls_tag": 
> "N/A", "risk": "high", "action": "challenge", "unique_id": 
> "AAAAAAAA-AAAA-AAAA-FE8C-000855066197"}{code}
> <180>DefensePro: 15-04-2016 17:00:43 WARNING 123 Anti-Scanning "UDP Scan 
> (horizontal)" UDP 890.301.3.103 0 0.0.0.0 283 0 Regular "Catch All" ongoing 0 
> 0 N/A 0 N/A medium drop AAAAAAAA-AAAA-AAAA-3CFF-000554EB39F6
> {code:none}{"priority": "180", "timestamp": "April 15st, 2016 17:00:43", 
> "severity": "WARNING", "radware_id": "123", "category": "Anti-Scanning", 
> "event_name": "UDP Scan (horizontal)", "protocol": "UDP", "ip_src_addr": 
> "890.301.3.103", "ip_src_port": "0", "ip_dst_adr": "0.0.0.0", "ip_dst_port": 
> "283", "physical_port": "0", "context": "Regular", "policy_name": "Catch 
> All", "event_type": "ongoing", "packet_count": "0", "packet_bandwidth": "0", 
> "vlan_tag": "N/A", "mpls_rd": "0", "mpls_tag": "N/A", "risk": "medium", 
> "action": "drop", "unique_id": "AAAAAAAA-AAAA-AAAA-3CFF-000554EB39F6"}{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
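
An added example, not part of the issue or of Metron's code base: a minimal Python parser for the DefensePro line layout shown in the samples above. The field order and key spellings (including `ip_dst_adr`) follow the issue's expected output; the ISO 8601 timestamp and the `ip_src_valid`/`ip_dst_valid` flags are assumptions of this example.

```python
import ipaddress
import re
from datetime import datetime

# Fields that follow the timestamp, in log order; keys spelled as in the issue.
FIELDS = ["severity", "radware_id", "category", "event_name", "protocol",
          "ip_src_addr", "ip_src_port", "ip_dst_adr", "ip_dst_port",
          "physical_port", "context", "policy_name", "event_type",
          "packet_count", "packet_bandwidth", "vlan_tag", "mpls_rd",
          "mpls_tag", "risk", "action", "unique_id"]
HEADER = re.compile(
    r"^<(\d{1,3})>DefensePro: (\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) (.*)$")
TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # a quoted field or a bare word

# First sample line from the issue, re-joined after mail line-wrapping.
SAMPLE = ('<180>DefensePro: 21-03-2016 21:55:05 WARNING 432 Anti-Scanning '
          '"TCP Scan (horizontal)" TCP 342.423.343.342 0 0.0.0.0 8080 0 Regular '
          '"Catch All" ongoing 2 0 N/A 0 N/A medium drop '
          'AAAAAAAA-AAAA-AAAA-AD8B-0004555104DD')


def _valid_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_radware(line):
    """Return a dict for one DefensePro line, or None if it does not fit."""
    m = HEADER.match(" ".join(line.split()))  # collapse wrapped whitespace
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(2), "%d-%m-%Y %H:%M:%S")
    except ValueError:
        return None  # e.g. 31-02-2016
    tokens = [quoted or bare for quoted, bare in TOKEN.findall(m.group(3))]
    if len(tokens) != len(FIELDS):
        return None  # refuse to guess when fields would be misaligned
    event = {"priority": m.group(1), "timestamp": ts.isoformat()}
    event.update(zip(FIELDS, tokens))
    # Flag instead of dropping: the issue's sample addresses are not all valid IPv4.
    event["ip_src_valid"] = _valid_ip(event["ip_src_addr"])
    event["ip_dst_valid"] = _valid_ip(event["ip_dst_adr"])
    return event
```

Lines with a missing or extra field are rejected rather than shifted into the wrong keys, so a truncated or tampered syslog message cannot silently put an address into `action` or `risk`.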