metron-issues mailing list archives

From "James Sirota (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (METRON-161) Create AD Parser
Date Thu, 02 Jun 2016 05:41:59 GMT

     [ https://issues.apache.org/jira/browse/METRON-161?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Sirota updated METRON-161:
--------------------------------
    Assignee: Casey Stella

> Create AD Parser
> ----------------
>
>                 Key: METRON-161
>                 URL: https://issues.apache.org/jira/browse/METRON-161
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: Deeptaanshu Kumar
>            Assignee: Casey Stella
>              Labels: ParserExtension
>
> Create a parser for the Active Directory telemetry source. This data source has 3 formats that should be parsed as specified below:
> Required Active Directory fields:
> dcName
> admonEventType
> description
> distinguishedName
> DC
> CN
> whenChanged
> whenCreated
> memberOf
> userAccountControl
> Sample Active Directory log message: 
> 04/11/2016 17:00:03.182
> dcName=wewewew.google.com
> admonEventType=Update
> Names:
> objectCategory=CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=google,DC=com
> name=CRA3
> distinguishedName=CN=CRA,CN=AzRoleObjectContainer-f2c06b86-f897-4ca4-ac5e-2762c25c5da4,CN=f2c06b86-f897-4ca4-ac5e-2762c25c5da4,CN=636cb236-cdb1-443b-bfb3-7683dd85b2f4,CN=Authorization,CN=Corporate,OU=Zones,OU=UNIX,DC=google,DC=com
> cn=CRA
> Object Details:
> objectGUID=dd4fb895-3672-4f0c-bd73-f41f05205f37
> whenChanged=05:00.03 PM, Mon 04/11/2016
> whenCreated=04:59.49 PM, Mon 04/11/2016
> objectClass=top|msDS-AzRole
> Event Details:
> uSNChanged=1645647639
> uSNCreated=1645647635
> instanceType=4
> Additional Details:
> msDS-AzApplicationData=ptype=g
> msDS-TasksForAzRole=CN=role-Unix Sysadmin,CN=AzTaskObjectContainer-636cb236-cdb1-443b-bfb3-7683dd85b2f4,CN=636cb236-cdb1-443b-bfb3-7683dd85b2f4,CN=Authorization,CN=Corporate,OU=Zones,OU=UNIX,DC=google,DC=com
> msDS-MembersForAzRole=CN=PAWS_ENVPR_DDEPROD_ADM,OU=Bigdata,OU=Groups,DC=google,DC=com
> dSCorePropagationData=16010101000000.0Z
> showInAdvancedViewOnly=TRUE
> Data after parsing: 
> { "timestamp": "April 11th 2016 17:00:03 (NOTE: Timezone unknown. Solve for this)",
>   "hostname": "wewewew",
>   "dcName": "wewewew.google.com",
>   "admonEventType": "Update",
>   "names.objectCategory": "CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=google,DC=com",
>   "names.name": "CRA",
>   "names.distinguishedName": "CN=CRA,CN=AzRoleObjectContainer-f2c06b86-f897-4ca4-ac5e-2762c25c5da4,CN=f2c06b86-f897-4ca4-ac5e-2762c25c5da4,CN=636cb236-cdb1-443b-bfb3-7683dd85b2f4,CN=Authorization,CN=Corporate,OU=Zones,OU=UNIX,DC=google,DC=com",
>   "names.cn": "CRA",
>   "object.objectGUID": "dd4fb895-3672-4f0c-bd73-f41f05205f37",
>   "object.whenChanged": "05:00.03 PM, Mon 04/11/2016",
>   "object.whenCreated": "04:59.49 PM, Mon 04/11/2016",
>   "object.objectClass": "top|msDS-AzRole",
>   "event.uSNChanged": "1645647639",
>   "event.uSNCreated": "1645647635",
>   "event.instanceType": "4",
>   "additional.msDS-AzApplicationData": "ptype=g",
>   "additional.msDS-TasksForAzRole": "CN=role-Unix Sysadmin,CN=AzTaskObjectContainer-636cb236-cdb1-443b-bfb3-7683dd85b2f4,CN=636cb236-cdb1-443b-bfb3-7683dd85b2f4,CN=Authorization,CN=Corporate,OU=Zones,OU=UNIX,DC=google,DC=com",
>   "additional.msDS-MembersForAzRole": "CN=PAWS_ENVPR_DDEPROD_ADM,OU=Bigdata,OU=Groups,DC=google,DC=com",
>   "additional.dSCorePropagationData": "16010101000000.0Z",
>   "additional.showInAdvancedViewOnly": "TRUE" }



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
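An added example, not Metron's parser and not code from the issue: a Python parser for the message layout quoted above (header timestamp line, unprefixed top-level fields, then sections introduced by "Names:", "Object Details:", "Event Details:" and "Additional Details:" whose fields get the "names.", "object.", "event." and "additional." prefixes of the expected output). It splits every field on the first "=" only, because distinguished names and values such as "ptype=g" contain further "=" characters, and it derives "hostname" as the first label of dcName. Two things are assumptions rather than anything the issue specifies: the header timestamp carries no zone, so the zone is a parameter defaulting to UTC, and the required "DC" and "CN" fields are derived from the distinguishedName as the dotted domain and the leaf CN. The sample message is the one from the issue, embedded so the code runs offline; the parser returns what that input actually carries (name=CRA3), not the "CRA" shown in the issue's expected output.

```python
"""Parser for the Active Directory (admon) message format in METRON-161.

Added example, not Metron's own parser. Section prefixes, the hostname rule
and the first-'=' split follow the expected output in the issue; the header
timezone and the DC/CN derivation are assumptions.
"""
import re
from datetime import datetime, timezone

# Section headers in the raw message -> key prefixes in the parsed output.
SECTION_PREFIXES = {
    "Names:": "names",
    "Object Details:": "object",
    "Event Details:": "event",
    "Additional Details:": "additional",
}

# Header line: "MM/DD/YYYY HH:MM:SS.mmm" (the format carries no zone).
TIMESTAMP_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\.(\d{3})$")

# Sample message taken from the issue, embedded so the block runs offline.
SAMPLE_MESSAGE = """\
04/11/2016 17:00:03.182
dcName=wewewew.google.com
admonEventType=Update
Names:
objectCategory=CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=google,DC=com
name=CRA3
distinguishedName=CN=CRA,CN=AzRoleObjectContainer-f2c06b86-f897-4ca4-ac5e-2762c25c5da4,CN=f2c06b86-f897-4ca4-ac5e-2762c25c5da4,CN=636cb236-cdb1-443b-bfb3-7683dd85b2f4,CN=Authorization,CN=Corporate,OU=Zones,OU=UNIX,DC=google,DC=com
cn=CRA
Object Details:
objectGUID=dd4fb895-3672-4f0c-bd73-f41f05205f37
whenChanged=05:00.03 PM, Mon 04/11/2016
whenCreated=04:59.49 PM, Mon 04/11/2016
objectClass=top|msDS-AzRole
Event Details:
uSNChanged=1645647639
uSNCreated=1645647635
instanceType=4
Additional Details:
msDS-AzApplicationData=ptype=g
msDS-TasksForAzRole=CN=role-Unix Sysadmin,CN=AzTaskObjectContainer-636cb236-cdb1-443b-bfb3-7683dd85b2f4,CN=636cb236-cdb1-443b-bfb3-7683dd85b2f4,CN=Authorization,CN=Corporate,OU=Zones,OU=UNIX,DC=google,DC=com
msDS-MembersForAzRole=CN=PAWS_ENVPR_DDEPROD_ADM,OU=Bigdata,OU=Groups,DC=google,DC=com
dSCorePropagationData=16010101000000.0Z
showInAdvancedViewOnly=TRUE
"""


def parse_timestamp(line, tz=timezone.utc):
    """Header timestamp as epoch milliseconds; tz is the caller's assumption."""
    m = TIMESTAMP_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised timestamp line: {line!r}")
    dt = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S").replace(tzinfo=tz)
    return int(dt.timestamp()) * 1000 + int(m.group(2))


def split_dn(dn):
    """Group RDN values by attribute type; commas escaped as '\\,' are kept."""
    rdns = {}
    for part in re.split(r"(?<!\\),", dn):
        if "=" in part:
            attr, value = part.split("=", 1)
            rdns.setdefault(attr.strip(), []).append(value)
    return rdns


def parse_ad_message(raw, tz=timezone.utc):
    """Parse one raw message into the flat, section-prefixed dict."""
    lines = [ln.strip() for ln in raw.split("\n") if ln.strip()]
    if not lines:
        raise ValueError("empty message")
    result = {"timestamp": parse_timestamp(lines[0], tz)}
    section = None  # fields before the first header (dcName, ...) stay unprefixed
    for line in lines[1:]:
        if line in SECTION_PREFIXES:
            section = SECTION_PREFIXES[line]
            continue
        if "=" not in line:
            raise ValueError(f"not a section header or key=value line: {line!r}")
        # Split on the FIRST '=' only: DNs and "ptype=g" contain further '='.
        key, value = line.split("=", 1)
        result[f"{section}.{key}" if section else key] = value
    if "dcName" in result:
        result["hostname"] = result["dcName"].split(".", 1)[0]
    dn = result.get("names.distinguishedName")
    if dn:
        rdns = split_dn(dn)
        # Assumed shape for the required DC/CN fields: DC components joined
        # into the domain, CN as the leaf (first) RDN value.
        result["DC"] = ".".join(rdns.get("DC", []))
        result["CN"] = rdns["CN"][0] if "CN" in rdns else None
    return result


if __name__ == "__main__":
    import json
    print(json.dumps(parse_ad_message(SAMPLE_MESSAGE), indent=2))
```

A line that is neither a known section header nor key=value raises rather than being silently skipped, so a malformed or truncated message surfaces as a parse failure instead of a partial record with missing fields. The timezone default is the one open question the issue itself flags; pass the DC's actual zone as `tz` once it is known rather than relying on the UTC default.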
