metron-dev mailing list archives

From "Tseytlin, Keren" <>
Subject Re: [DISCUSS] Active Directory Parser for Metron
Date Wed, 05 Oct 2016 13:39:46 GMT
Hi All,

We have an active directory parser that is currently in production. We would be happy to contribute
it and work with whoever to make it generic ☺


On 10/3/16, 5:58 PM, "" <> wrote:

    +1 in need of.  No current effort because it is not our primary kerb realm,
    but we could use it.
    On Mon, Oct 3, 2016, 17:18 James Sirota <> wrote:
    > I've seen traffic come through about multiple efforts for writing the AD
    > parser for Metron.  I'd like to consolidate these efforts so that we can
    > come up with a generic parser that is suitable for everyone's needs and
    > that we don't duplicate effort.  Please post to this thread if you are
    > working or are in need of the AD parser.  We can then throw a working group
    > together and get the parser written and tested with everyone's telemetry.
    > Also, please indicate if you are able to provide sample (anonymized) logs.
    > If you are getting these logs from your corporate environment please check
    > with your security office first prior to posting them.
    > -------------------
    > Thank you,
    > James Sirota
    > PPMC- Apache Metron (Incubating)
    > jsirota AT apache DOT org

