Hi, this is the original event received by Bro:
SYSLOG | severity:NOTICE uid:CN4kU02atBGK0qlA5g id.orig_p:514
id.resp_p:514 proto:udp id.orig_h:10.2.2.1 message:Feb 21 12:46:50
suricata[72280]: [Drop] [1:5103:0] OPN_Social_Media - Facebook - DNS
request for facebook.com [Classification
You might like to look into parser chaining for this:
https://metron.apache.org/current-book/metron-platform/metron-parsers/ParserChaining.html
Simon
> On 20 Feb 2019, at 16:47, Farrukh Naveed Anjum
> wrote:
>
> Yes, I am using the BRO Parser. Can I subdivide the message field?
>
>> On Wed, Feb
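As an added illustration (not code from this thread, from Metron, or from Bro) of what "subdividing" the message field means for the record shown above: a stand-alone Python splitter for the syslog/Suricata message, written here instead of as Stellar or a parser-chaining config. SAMPLE_EVENT is a constructed record whose field names are taken from the event in the thread; the message is the line exactly as shown, so the example also handles its cut-off tail.

```python
import re
# Constructed sample: the thread's record as the Bro parser hands it on (field
# names from the event above; message is the exact line, including its cut-off end).
SAMPLE_EVENT = {
    "severity": "NOTICE", "proto": "udp", "id.orig_h": "10.2.2.1",
    "id.orig_p": 514, "id.resp_p": 514,
    "message": ("Feb 21 12:46:50 suricata[72280]: [Drop] [1:5103:0] "
                "OPN_Social_Media - Facebook - DNS request for facebook.com "
                "[Classification"),
}

# Syslog prefix plus Suricata fast-log alert header: timestamp, program[pid],
# [action], [gid:sid:rev], then the free-text alert message and its tags.
HEADER_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<program>[^\[\s]+)\[(?P<pid>\d+)\]: \[(?P<action>[^\]]+)\] "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<body>.*)$")
TAG_RE = re.compile(r"\[(?P<key>[^\]:]+): (?P<value>[^\]]*)\]")

def split_message(message):
    """Split one message into named subfields, or None if the header does not
    match. A tag left incomplete by a line cut off in transit stays in 'remainder'."""
    m = HEADER_RE.match(message)
    if m is None:
        return None
    fields = m.groupdict()
    for k in ("pid", "gid", "sid", "rev"):
        fields[k] = int(fields[k])
    alert_msg, sep, tail = fields.pop("body").partition(" [")
    fields["alert_msg"] = alert_msg
    tail = "[" + tail if sep else ""
    fields["tags"], consumed = {}, 0
    for t in TAG_RE.finditer(tail):
        fields["tags"][t.group("key")] = t.group("value")
        consumed = t.end()
    fields["remainder"] = tail[consumed:].strip()
    fields["truncated"] = bool(fields["remainder"])  # cut-off line, not silently dropped
    return fields

def enrich_event(event, prefix="message."):
    # Copy of the record with message subfields added; 'message' itself stays.
    out = dict(event)
    parsed = split_message(event.get("message", ""))
    if parsed is None:
        return {**out, prefix + "parse_error": True}
    for key, value in parsed.pop("tags").items():
        out[prefix + key.lower()] = value
    for key, value in parsed.items():
        out[prefix + key] = value
    return out
```

Flagging `truncated` matters for syslog over UDP/514, where a cut-off line is otherwise indistinguishable from an alert that simply had no tags.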
Yes, I am using the BRO Parser. Can I subdivide the message field?
On Wed, Feb 20, 2019 at 7:39 PM Otto Fowler wrote:
> Can you print what the fields are after parsing? These are the fields
> that you will be able to use Stellar on, to possibly extract your info.
> Are you using the Bro parser?
>
Can you print what the fields are after parsing? These are the fields that
you will be able to use Stellar on, to possibly extract your info.
Are you using the Bro parser?
On February 20, 2019 at 02:14:17, Farrukh Naveed Anjum (anjum.farr...@gmail.com) wrote:
Hi,
I wanted to know how can I def