Posted to dev@metron.apache.org by "Kumar, Sunny" <Su...@capitalone.com> on 2016/05/18 19:18:45 UTC

Palo Alto parser

Hi all

I was looking at the Palo Alto parser in Metron. It seems pretty basic and here at Capital One we use a pretty advanced one. Do you think I should enhance it with additional fields or maybe create a new one, say 'AdvancedPaloAltoParser'?
Or do you think it should be the way it is right now in Metron?

Thanks,
Sunny
________________________________________________________

The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.

Re: Palo Alto parser

Posted by Casey Stella <ce...@gmail.com>.
That sounds like a solid replacement and contribution as long as it
continues to work with the existing data (which I assume it would).  Thanks!

On Wed, May 18, 2016 at 3:55 PM, Kumar, Sunny <Su...@capitalone.com>
wrote:

> We at Capital One have 4 possible configurations in Palo Alto - Traffic,
> Threat, Config, System.
> The Metron parser has only 2 - Traffic, Threat.
> Also we have close to 90 fields overall against about 60 in the current
> Metron parser.
>
> On 5/18/16, 3:28 PM, "Casey Stella" <ce...@gmail.com> wrote:
>
> >Would the advanced parser successfully parse the sample data for Palo Alto
> >that we have in Metron? If so, I'd certainly think that we should consider
> >a more complete parser to be a good thing.
> >
> >Can you characterize more what your parser does that the existing one
> >doesn't do?
> >
> >On Wed, May 18, 2016 at 3:18 PM, Kumar, Sunny <Sunny.Kumar@capitalone.com>
> >wrote:
> >
> >> Hi all
> >>
> >> I was looking at the Palo Alto parser in Metron. It seems pretty basic
> >> and here at Capital One we use a pretty advanced one. Do you think I should
> >> enhance it with additional fields or maybe create a new one, say
> >> 'AdvancedPaloAltoParser'?
> >> Or do you think it should be the way it is right now in Metron?
> >>
> >> Thanks,
> >> Sunny

Re: Palo Alto parser

Posted by "Kumar, Sunny" <Su...@capitalone.com>.
We at Capital One have 4 possible configurations in Palo Alto - Traffic,
Threat, Config, System.
The Metron parser has only 2 - Traffic, Threat.
Also we have close to 90 fields overall against about 60 in the current
Metron parser.

On 5/18/16, 3:28 PM, "Casey Stella" <ce...@gmail.com> wrote:

>Would the advanced parser successfully parse the sample data for Palo Alto
>that we have in Metron? If so, I'd certainly think that we should consider
>a more complete parser to be a good thing.
>
>Can you characterize more what your parser does that the existing one
>doesn't do?
>
>On Wed, May 18, 2016 at 3:18 PM, Kumar, Sunny <Su...@capitalone.com>
>wrote:
>
>> Hi all
>>
>> I was looking at the Palo Alto parser in Metron. It seems pretty basic
>> and here at Capital One we use a pretty advanced one. Do you think I should
>> enhance it with additional fields or maybe create a new one, say
>> 'AdvancedPaloAltoParser'?
>> Or do you think it should be the way it is right now in Metron?
>>
>> Thanks,
>> Sunny
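
As an added example (not Metron's or Capital One's parser code) of the two points raised in this thread, the four Palo Alto log types and Casey's condition that existing data must keep parsing: a small Python type-dispatching parser whose field names are abbreviated and assumed from the PAN-OS comma-separated layout (field index 3 is the log type), plus a regression check that compares a two-type schema standing in for the current parser against the extended four-type one.

```python
import csv

# Fields shared by every PAN-OS log type (assumed layout; index 3 is the type).
COMMON = ["future_use", "receive_time", "serial", "type", "subtype",
          "future_use_2", "generated_time"]
SESSION = ["src", "dst", "natsrc", "natdst", "rule", "srcuser", "dstuser", "app", "vsys"]

# Field names after the common prefix (abbreviated, assumed). OLD stands in for
# the two-type Metron parser, NEW for the proposed four-type replacement.
OLD_SCHEMA = {"TRAFFIC": SESSION[:5], "THREAT": SESSION[:5]}
NEW_SCHEMA = {
    "TRAFFIC": SESSION, "THREAT": SESSION,
    "CONFIG": ["host", "vsys", "cmd", "admin", "client", "result"],
    "SYSTEM": ["vsys", "eventid", "object", "future_use_3", "future_use_4",
               "module", "severity", "description"],
}

def parse_pan_log(body, schema):
    """Map one CSV log body to named fields; None if the type is unknown to the
    schema or the record is too short to fill every named field."""
    fields = next(csv.reader([body]))         # csv handles quoted commas in values
    if len(fields) <= 3 or fields[3] not in schema:
        return None
    names = COMMON + schema[fields[3]]
    if len(fields) < len(names):
        return None                           # truncated: refuse, don't mis-assign
    record = dict(zip(names, fields))
    record["unnamed_trailing"] = len(fields) - len(names)
    return record

def backward_compatible(bodies):
    """Casey's test: every body the old parser accepts must still parse under
    the extended schema with identical values for every field the old one named."""
    for body in bodies:
        old = parse_pan_log(body, OLD_SCHEMA)
        if old is None:
            continue                          # old parser rejected it anyway
        new = parse_pan_log(body, NEW_SCHEMA)
        if new is None or any(new[k] != v for k, v in old.items()
                              if k != "unnamed_trailing"):
            return False
    return True

# Constructed sample bodies (syslog header already stripped, values invented).
SAMPLES = [
    "1,2016/05/18 15:18:45,001901000001,TRAFFIC,end,1,2016/05/18 15:18:45,10.0.0.5,10.0.1.9,0.0.0.0,0.0.0.0,allow-web,,,web-browsing,vsys1,trust",
    "1,2016/05/18 15:18:46,001901000001,THREAT,url,1,2016/05/18 15:18:46,10.0.0.5,10.0.1.9,0.0.0.0,0.0.0.0,allow-web,,,web-browsing,vsys1",
    "1,2016/05/18 15:18:47,001901000001,CONFIG,0,0,2016/05/18 15:18:47,10.0.0.2,vsys1,set,admin,Web,Succeeded",
    '1,2016/05/18 15:18:48,001901000001,SYSTEM,general,0,2016/05/18 15:18:48,vsys1,general,,0,0,general,informational,"User admin logged in, via Web"',
]
```

Running `backward_compatible(SAMPLES)` on the project's real sample files, with the old schema filled in from the current parser's field list, is the check Casey asks for before accepting a replacement.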


Re: Palo Alto parser

Posted by Casey Stella <ce...@gmail.com>.
Would the advanced parser successfully parse the sample data for Palo Alto
that we have in Metron? If so, I'd certainly think that we should consider
a more complete parser to be a good thing.

Can you characterize more what your parser does that the existing one
doesn't do?

On Wed, May 18, 2016 at 3:18 PM, Kumar, Sunny <Su...@capitalone.com>
wrote:

> Hi all
>
> I was looking at the Palo Alto parser in Metron. It seems pretty basic and
> here at Capital One we use a pretty advanced one. Do you think I should
> enhance it with additional fields or maybe create a new one, say
> 'AdvancedPaloAltoParser'?
> Or do you think it should be the way it is right now in Metron?
>
> Thanks,
> Sunny