Out of curiosity, why do you want to build your own SIEM and then bolt Stellar on top? Why not just use Metron, since it has Stellar baked in.
17.01.2018, 15:34, "Ian Abreu" <iab...@wayfair.com>:
Hey all,
We’ve come across the design decision where we’d like to use Metron tooling as a framework to build our SIEM around. This being the case, stellar is something that we’d like to use, but we’ve currently got different enrichment and normalization layers.
So my question is this: Has anyone, or could anyone point me to a resource that’d help to normalize our data in such a way that Stellar could be used downstream from our data manipulation/normalization layer?
Cheers,
Z0r0
-------------------
Thank you,
James Sirota
PMC- Apache Metron
jsirota AT apache DOT org
