Posted to user@metron.apache.org by Antonio Pérez Bautista <ap...@gmv.com> on 2017/07/12 14:27:28 UTC

Presentation

Hello,

My name is Antonio Perez and I work as a developer at GMV.

We joined the mailing list of users and developers because in our company we are currently developing a project called PROTECTIVE for the European Commission. In this project we have joined several companies from Europe (3 NRENs, 3 academic and 4 commercial partners from 8 countries) to try to develop a solution designed to improve an organization's ongoing awareness of the risk posed to its business by cyber security attacks.

This solution is based on improved security monitoring and increased sharing of threat intelligence between organizations within a community, and ranks critical alerts based on the potential damage the attack can inflict on the threatened assets and hence to the business organizations.

GMV thinks METRON could be a good tool for the project. We would like to test it and try to integrate it with the solution. If everything goes as we expect, we will then try to get the commitment of the other companies.

For now we are working with metron-docker, and we followed the little example on GitHub. What we would like to do now is to add our information, in a specific JSON format, to the METRON solution. We have not found examples of that, and some help here would be really great.

Thanks and regards!


Antonio Pérez Bautista
Ingeniero Tecnología y Servicios Secure e-Solutions / Technology Engineer and Secure service e-Solutions

GMV
Balmes 268-270, 5ª Planta
E-08006 Barcelona
Tel. +34 93 272 18 48
Fax +34 93 215 61 87
www.gmv.com <http://www.gmv.com/>


Re: Presentation

Posted by Michael Miklavcic <mi...@gmail.com>.
Just a heads up, metron-docker has been moved -
https://github.com/apache/metron/pull/659


Re: Presentation

Posted by Kyle Richardson <ky...@gmail.com>.
First off, welcome to the community! Your project sounds quite exciting
with such a wide range of partner organizations.

It sounds like you have existing telemetry data, already JSON objects,
which you'd like to ingest into Metron. I'd suggest starting with the
JSONMapParser and using fieldTransformations to adapt your data into the
standard Metron fields (e.g. timestamp, ip_src_addr, ip_dst_addr, etc).
There is some good documentation on setting up these parser configurations
here [1].

We are an active community so if you run into any questions just shoot an
email out to the list or join us on IRC.

-Kyle

[1] https://github.com/apache/metron/tree/master/metron-platform/metron-parsers

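A parser configuration of the kind Kyle's reply describes, added here as an example (it is not from the thread nor from the Metron project's own docs). It assumes a constructed PROTECTIVE event such as `{"src": "10.0.0.5", "dst": "10.0.0.9", "event_time": "2017-07-12 14:27:28", "severity": "High", "detail": {"rule": "scan"}}` arriving on a Kafka topic named `protective`; `UNFOLD` flattens the nested `detail` map into `detail.rule`, the STELLAR transformation maps the source fields onto the standard Metron names, and the REMOVE transformation drops the originals so the enriched message carries one copy of each value.

```json
{
  "parserClassName": "org.apache.metron.parsers.json.JSONMapParser",
  "sensorTopic": "protective",
  "parserConfig": {
    "mapStrategy": "UNFOLD"
  },
  "fieldTransformations": [
    {
      "transformation": "STELLAR",
      "output": ["timestamp", "ip_src_addr", "ip_dst_addr", "severity"],
      "config": {
        "timestamp": "TO_EPOCH_TIMESTAMP(event_time, 'yyyy-MM-dd HH:mm:ss', 'UTC')",
        "ip_src_addr": "src",
        "ip_dst_addr": "dst",
        "severity": "TO_LOWER(severity)"
      }
    },
    {
      "transformation": "REMOVE",
      "input": ["src", "dst", "event_time"]
    }
  ]
}
```

The date format and the `UTC` zone are assumptions about the constructed input; check them against the real PROTECTIVE feed, since a wrong format leaves `timestamp` unset and the parser falls back to ingest time. The file belongs under the parsers directory of the ZooKeeper config tree and is pushed with `zk_load_configs.sh`.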