metron-issues mailing list archives

From "James Sirota (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (METRON-11) FalconHose Parser and Topology
Date Tue, 19 Jan 2016 06:49:39 GMT

    [ https://issues.apache.org/jira/browse/METRON-11?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15106348#comment-15106348 ]

James Sirota commented on METRON-11:
------------------------------------

Can you provide what a sample telemetry message for this topology would look like? Thanks.


> FalconHose Parser and Topology
> ------------------------------
>
>                 Key: METRON-11
>                 URL: https://issues.apache.org/jira/browse/METRON-11
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Sean Schulte
>
> FalconHose events are generated by the CrowdStrike Falcon Host sensor.
> Their platform does its own pre-processing, so every one of these events is considered an "alert".
> They are in JSON format, and there are a few different event types that we'll support.
> This requires:
> * parser
> * alert adapter
> * topology definition



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
