metron-dev mailing list archives

From Ahmed Shah <AhmedS...@cmail.carleton.ca>
Subject Metron - Emailing Alerts
Date Wed, 13 Dec 2017 19:06:32 GMT
Hello,
Just wondering if Metron has a feature to email alerts based on rules that a user defines.

Example:
Rule A: Email the user 1@1.com whenever ip_src_addr=100.2.10.*
Rule B: Email the user 1@1.com whenever payload contains "critical"

If not, does anyone have any recommendations on where to code these rules in the Metron stack
that uses attributes from the GROK parser?


-Ahmed
_______________________________________________________________
Ahmed Shah (PMP, M. Eng.)
Cybersecurity Analyst & Developer
GCR - Cybersecurity Operations Center
Carleton University - cugcr.com (https://cugcr.com/tiki/lce/index.php)
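An added example, not Metron's code and not from anyone in this thread, of the rule evaluation the question describes, written in plain Python so it can be checked before it is wired into a Metron topology: messages are dicts carrying the GROK-parsed field names from the question, the `100.2.10.*` wildcard is turned into a real network prefix (a regex such as `100.2.10.*` would also accept `100.2.100.1`), and the result is which rule fired and who should be mailed. The sample messages are constructed, and actually sending the e-mail is left to the caller.

```python
import ipaddress
# Constructed sample of messages shaped like Metron output after GROK parsing
# (field names from the question; addresses and payloads are made up).
MESSAGES = [
    {"ip_src_addr": "100.2.10.77", "payload": "login ok"},
    {"ip_src_addr": "100.2.100.77", "payload": "disk CRITICAL"},
    {"ip_src_addr": "10.0.0.5", "payload": "status critical: service down"},
    {"ip_src_addr": "not-an-ip", "payload": "critical"},
]

def wildcard_to_network(pattern):
    """'100.2.10.*' -> 100.2.10.0/24; an explicit CIDR is passed through.
    Only a trailing run of '*' octets is accepted, so the rule is a real
    prefix test rather than a regex that '100.2.100.1' would also satisfy."""
    if "/" in pattern:
        return ipaddress.ip_network(pattern, strict=False)
    octets = pattern.split(".")
    if len(octets) != 4:
        raise ValueError(f"unsupported pattern: {pattern!r}")
    stars = sum(o == "*" for o in octets)
    if "*" in octets[:4 - stars]:
        raise ValueError(f"wildcards must be trailing: {pattern!r}")
    base = ".".join("0" if o == "*" else o for o in octets)
    return ipaddress.ip_network(f"{base}/{32 - 8 * stars}", strict=False)

def src_in(pattern):
    """Predicate: ip_src_addr lies inside the network the pattern denotes."""
    net = wildcard_to_network(pattern)
    def check(msg):
        try:
            return ipaddress.ip_address(msg.get("ip_src_addr", "")) in net
        except ValueError:
            return False  # missing or malformed address never matches
    return check

def payload_contains(needle):
    """Predicate: case-insensitive substring match on the payload field."""
    needle = needle.lower()
    return lambda msg: needle in str(msg.get("payload", "")).lower()

# (rule name, recipient, predicate); names and recipient copied from the question
RULES = [
    ("Rule A", "1@1.com", src_in("100.2.10.*")),
    ("Rule B", "1@1.com", payload_contains("critical")),
]

def evaluate(msg, rules=RULES):
    """Return (rule, recipient) for every rule the message triggers."""
    return [(name, to) for name, to, pred in rules if pred(msg)]
```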
