>>>>>>>> "onlyif": "source.type == 'activedirectory' and event.type == 'failed_login'",
>>>>>>>> "init": { "count": 0 },
>>>>>>>> "update": { "count" : "count + 1" },
>>>>>>>> "result": "count"
>>>>>>>> }
>>>>>>>>
>>>>>>>> You can find an introduction and more information on using the
>>>>>>>> Profiler below.
>>>>>>>> *
>>>>>>>> https://github.com/apache/metron/tree/master/metron-analytics/metron-profiler
>>>>>>>> * https://www.slideshare.net/secret/GFBf2RTXBG35PB
>>>>>>>>
>>>>>>>> Best of luck
>>>>>>>>
>>>>>>>>> On Tue, Oct 17, 2017 at 4:51 AM, tkg_cangkul <yuza.ras...@gmail.com> wrote:
>>>>>>>>> For example,
>>>>>>>>>
>>>>>>>>> I want to try to correlate between logs:
>>>>>>>>> how many times user A has failed to log in and how many times user A
>>>>>>>>> has logged in successfully, including details such as IP, timestamp, etc.
>>>>>>>>> Is this possible to do with Metron?
>>>>>>>>>
>>>>>>>>>> On 17/10/17 02:56, James Sirota wrote:
>>>>>>>>>> What specifically are you looking to correlate? Can you talk a
>>>>>>>>>> little more about your use case?
>>>>>>>>>>
>>>>>>>>>> 16.10.2017, 02:23, "tkg_cangkul" <yuza.ras...@gmail.com>:
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> Could anyone explain event correlation using Apache Metron to me?
>>>>>>>>>>> Does Metron support event correlation?
>>>>>>>>>>>
>>>>>>>>>>> Please advise.
>>>>>>>>>> ---
>>>>>>>>>> Thank you,
>>>>>>>>>>
>>>>>>>>>> James Sirota
>>>>>>>>>> PMC- Apache Metron
>>>>>>>>>> jsirota AT apache DOT org
>>>>>>
To: <user@metron.apache.org>
Subject: Re: event correlation on metron

So,
There are several options for parsing the data and enriching it:
1. A native parser (Java), which you have noticed is not there
2. An instance of the GROK parser, with GROK rules that parse the input
3. If it is CSV, an instance of the CSV

---------- Forwarded message ----------
From: Youzha <yuza.ras...@gmail.com>
Date: Tue, 17 Oct 2017 at 22.53
Subject: Re: event correlation on metron
To: <user@metron.apache.org>

Is it possible to ingest other logs, like /var/log/secure for example, to be new telemetry on metro