You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@metron.apache.org by "James Sirota (JIRA)" <ji...@apache.org> on 2016/01/19 07:49:39 UTC

[jira] [Commented] (METRON-11) FalconHose Parser and Topology

    [ https://issues.apache.org/jira/browse/METRON-11?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15106348#comment-15106348 ] 

James Sirota commented on METRON-11:
------------------------------------

Can you provide what a sample telemetry message for this topology would look like? thanks 

> FalconHose Parser and Topology
> ------------------------------
>
>                 Key: METRON-11
>                 URL: https://issues.apache.org/jira/browse/METRON-11
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Sean Schulte
>
> FalconHose events are generated by the CrowdStrike Falcon Host sensor.
> Their platform does its own pre-processing, so every one of these events is considered an "alert".
> They are in JSON format, and there are a few different event types that we'll support.
> This requires:
> * parser
> * alert adapter
> * topology definition



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)