metron-issues mailing list archives

From "Justin Leet (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (METRON-1740) Improve Palo Alto parser to handle CONFIG and SYSTEM syslog messages
Date Tue, 11 Dec 2018 16:03:00 GMT

     [ https://issues.apache.org/jira/browse/METRON-1740?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Justin Leet updated METRON-1740:
--------------------------------
    Fix Version/s: 0.7.0

> Improve Palo Alto parser to handle CONFIG and SYSTEM syslog messages
> --------------------------------------------------------------------
>
>                 Key: METRON-1740
>                 URL: https://issues.apache.org/jira/browse/METRON-1740
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Yi Liu
>            Priority: Major
>             Fix For: 0.7.0
>
>
> As a Metron user (security analyst)
> I would like Metron's Palo Alto parser to be able to parse CONFIG and SYSTEM PanOS syslog messages
> so that I can know what, when and how the system configuration has been changed and how the system has been running.
>  
> The current PaloAlto parser (BasicPaloAltoFirewallParser) only supports THREAT and TRAFFIC log messages. The task is to extend it to support CONFIG and SYSTEM log messages. The supported PanOS versions are 6.1, 7.0 and 8.0.
> The sample of CONFIG log (PanOS 7.0)
> {code:java}
> 1,2017/08/11 11:23:36,999900009999,CONFIG,0,0,2017/08/11 11:23:36,192.168.14.162,,edit,admin,Web,Succeeded, vsys  vsys4 ruleXXXX XXXXX rules  dev-to-dev-ext-http-https,1336,0x0,0,0,0,0,,dev-something200-01
> {code}
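As an added illustration (not part of the ticket and not Metron's BasicPaloAltoFirewallParser), the following stand-alone Python splits the CONFIG sample above into the named fields an analyst needs to answer "who changed what, when, from where, and did it succeed". The column names are an assumption taken from the PAN-OS 7.x syslog field layout, which the 22-column sample matches.

```python
import csv

# Column names for a PAN-OS 7.x CONFIG record, in order. Assumption: these
# follow the PAN-OS 7.x syslog field reference; PAN-OS 8.0 inserts extra
# columns (before/after change detail), so this list fits the 7.0 sample.
CONFIG_FIELDS = [
    "future_use_1", "receive_time", "serial_number", "type", "subtype",
    "future_use_2", "generated_time", "host", "virtual_system", "command",
    "admin", "client", "result", "configuration_path", "sequence_number",
    "action_flags", "dg_hierarchy_level_1", "dg_hierarchy_level_2",
    "dg_hierarchy_level_3", "dg_hierarchy_level_4", "virtual_system_name",
    "device_name",
]

# Constructed sample: the CONFIG line quoted in the ticket with the
# mailing-list line wrap removed (the config path keeps its leading space).
SAMPLE_CONFIG = (
    "1,2017/08/11 11:23:36,999900009999,CONFIG,0,0,2017/08/11 11:23:36,"
    "192.168.14.162,,edit,admin,Web,Succeeded, vsys  vsys4 ruleXXXX XXXXX "
    "rules  dev-to-dev-ext-http-https,1336,0x0,0,0,0,0,,dev-something200-01"
)


def parse_config(line: str) -> dict:
    """Split one PAN-OS CONFIG syslog record into a field-name -> value dict."""
    # PAN-OS double-quotes fields that contain commas, so use a CSV reader
    # instead of a plain str.split(",").
    values = next(csv.reader([line]))
    # The fourth column is the log type; refuse anything that is not CONFIG
    # so a TRAFFIC or THREAT line is never mislabelled with CONFIG field names.
    if len(values) < 4 or values[3] != "CONFIG":
        raise ValueError("not a CONFIG record: %r" % line[:40])
    fields = dict(zip(CONFIG_FIELDS, values))
    # Newer PAN-OS releases append columns; keep them positionally rather
    # than dropping them silently.
    for i, extra in enumerate(values[len(CONFIG_FIELDS):]):
        fields["extra_%d" % i] = extra
    # Normalised copy of the path (PAN-OS pads it with double spaces).
    fields["configuration_path_normalized"] = " ".join(
        fields.get("configuration_path", "").split())
    return fields


if __name__ == "__main__":
    rec = parse_config(SAMPLE_CONFIG)
    for key in ("receive_time", "host", "admin", "client", "command",
                "result", "configuration_path_normalized"):
        print("%-30s %s" % (key, rec[key]))
```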



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
