Jon Zeolla created METRON-546:
---------------------------------
Summary: Provide a default profiler for monitoring abuse of Metron limitations
Key: METRON-546
URL: https://issues.apache.org/jira/browse/METRON-546
Project: Metron
Issue Type: Sub-task
Reporter: Jon Zeolla
Priority: Minor

Knowing that there are certain limitations imposed in the Metron environment,
especially in areas which could be attacker controlled, we should provide a
profiler which monitors abuse of those limitations and can be exposed to Metron
users in the UI. My initial thought is something like foreach
fields_truncated, onlyif fields_truncated != null, groupBy ip_src_addr, which
could then be exposed to the Metron users for monitoring purposes, and
potentially set thresholds at which alerts are generated.
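
The per-source profile proposed in the ticket, as an added example that is not Metron's profiler code or configuration: it counts messages whose fields_truncated is non-null per ip_src_addr per time window and flags sources at or over a threshold. The field names come from the ticket; the window length, the threshold, the list format of fields_truncated and the sample messages are assumptions.

```python
from collections import defaultdict

PERIOD_SECONDS = 900   # assumed profile window (15 minutes)
ALERT_THRESHOLD = 3    # assumed count per window that raises an alert

# Constructed sample messages; timestamps are seconds. fields_truncated is the
# field named in the ticket, assumed here to list the truncated field names.
SAMPLE_MESSAGES = [
    {"timestamp": 10, "ip_src_addr": "10.0.0.5", "fields_truncated": ["uri"]},
    {"timestamp": 30, "ip_src_addr": "10.0.0.9", "fields_truncated": None},
    {"timestamp": 40, "ip_src_addr": "10.0.0.9"},
    {"timestamp": 50, "fields_truncated": ["uri"]},  # no source to attribute
    {"timestamp": 100, "ip_src_addr": "10.0.0.9", "fields_truncated": ["user_agent"]},
    {"timestamp": 200, "ip_src_addr": "10.0.0.5", "fields_truncated": ["uri", "user_agent"]},
    {"timestamp": 850, "ip_src_addr": "10.0.0.5", "fields_truncated": ["uri"]},
    {"timestamp": 950, "ip_src_addr": "10.0.0.5", "fields_truncated": ["uri"]},
]


def profile_truncation(messages, period=PERIOD_SECONDS):
    """Count truncation events per (ip_src_addr, window start)."""
    profile = defaultdict(lambda: {"count": 0, "fields": defaultdict(int)})
    for msg in messages:
        truncated = msg.get("fields_truncated")
        src = msg.get("ip_src_addr")
        # onlyif fields_truncated != null; an empty list is treated the same,
        # and a message without a source address cannot be attributed.
        if not truncated or src is None:
            continue
        if isinstance(truncated, str):
            truncated = [truncated]
        window = msg["timestamp"] // period * period
        entry = profile[(src, window)]
        entry["count"] += 1
        for name in truncated:
            entry["fields"][name] += 1  # which limits are being hit
    return profile


def alerts(profile, threshold=ALERT_THRESHOLD):
    """Return (ip_src_addr, window start, count) for windows at or over threshold."""
    return sorted((src, window, entry["count"])
                  for (src, window), entry in profile.items()
                  if entry["count"] >= threshold)


if __name__ == "__main__":
    for src, window, count in alerts(profile_truncation(SAMPLE_MESSAGES)):
        print(f"{src} window={window} truncated_messages={count}")
```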