Posted to commits@metron.apache.org by ce...@apache.org on 2015/12/17 21:46:16 UTC

[14/26] incubator-metron git commit: replace opensoc-steaming version 0.4BETA with 0.6BETA 8e7a6b4ad9febbc4ea47ba7810c42cc94d4dee37

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/a919cc19/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/LancopeParserTest.log
----------------------------------------------------------------------
diff --git a/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/LancopeParserTest.log b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/LancopeParserTest.log
new file mode 100644
index 0000000..0e4bf74
--- /dev/null
+++ b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/LancopeParserTest.log
@@ -0,0 +1 @@
+{"message":"<131>Jul 17 15:59:01 smc-01 StealthWatch[12365]: 2014-07-17T15:58:30Z 10.40.10.254 0.0.0.0 Minor High Concern Index The host's concern index has either exceeded the CI threshold or rapidly increased. Observed 36.55M points. Policy maximum allows up to 20M points.","@version":"1","@timestamp":"2014-07-17T15:56:05.992Z","type":"syslog","host":"10.122.196.201"}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/a919cc19/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/PaloAltoFirewallParserTest.log
----------------------------------------------------------------------
diff --git a/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/PaloAltoFirewallParserTest.log b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/PaloAltoFirewallParserTest.log
new file mode 100644
index 0000000..c58bcc8
--- /dev/null
+++ b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/PaloAltoFirewallParserTest.log
@@ -0,0 +1,2 @@
+<11>Jan  5 05:38:59 PAN1.exampleCustomer.com 1,2015/01/05 05:38:58,0006C110285,THREAT,vulnerability,1,2015/01/05 05:38:58,10.0.0.115,216.0.10.198,0.0.0.0,0.0.0.0,EX-Allow,example\\user.name,,web-browsing,vsys1,internal,external,ethernet1/2,ethernet1/1,LOG-Default,2015/01/05 05:38:58,12031,1,54180,80,0,0,0x80004000,tcp,reset-both,\"ad.aspx?f=300x250&id=12;tile=1;ord=67AF705D60B1119C0F18BEA336F9\",HTTP: IIS Denial Of Service Attempt(40019),any,high,client-to-server,347368099,0x0,10.0.0.0-10.255.255.255,US,0,,1200568889751109656,,
+<14>Jan  5 12:51:34 PAN1.exampleCustomer.com 1,2015/01/05 12:51:33,0011C103117,TRAFFIC,end,1,2015/01/05 12:51:33,10.0.0.39,10.1.0.163,0.0.0.0,0.0.0.0,EX-Allow,,example\\user.name,ms-ds-smb,vsys1,v_external,v_internal,ethernet1/2,ethernet1/1,LOG-Default,2015/01/05 12:51:33,33760927,1,52688,445,0,0,0x401a,tcp,allow,2229,1287,942,10,2015/01/05 12:51:01,30,any,0,17754932062,0x0,10.0.0.0-10.255.255.255,10.0.0.0-10.255.255.255,0,6,4
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/a919cc19/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/SourceFireTest.log
----------------------------------------------------------------------
diff --git a/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/SourceFireTest.log b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/SourceFireTest.log
new file mode 100644
index 0000000..af257aa
--- /dev/null
+++ b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/SourceFireTest.log
@@ -0,0 +1,3 @@
+SFIMS: [Primary Detection Engine (a7213248-6423-11e3-8537-fac6a92b7d9d)][MTD Access Control] Connection Type: Start, User: Unknown, Client: Unknown, Application Protocol: Unknown, Web App: Unknown, Firewall Rule Name: MTD Access Control, Firewall Rule Action: Allow, Firewall Rule Reasons: Unknown, URL Category: Unknown, URL_Reputation: Risk unknown, URL: Unknown, Interface Ingress: s1p1, Interface Egress: N/A, Security Zone Ingress: Unknown, Security Zone Egress: N/A, Security Intelligence Matching IP: None, Security Intelligence Category: None, {TCP} 72.163.0.129:60517 -> 10.1.128.236:443
+snort: [1:3192:2] WEB-CLIENT Windows Media Player directory traversal via Content-Disposition attempt [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 46.149.110.103:80 -> 192.168.56.102:1073
+SFIMS: Correlation Event: Open Soc Log Forwarding/Opensoc Log Forwarding at Thu Oct 23 04:55:39 2014 UTC: [1:19123:7] \"MALWARE-CNC Dropper Win.Trojan.Cefyns.A variant outbound connection\" [Impact: Unknown] From \"172.19.50.7\" at Thu Oct 23 04:55:38 2014 UTC [Classification: A Network Trojan was Detected] [Priority: 1] {tcp} 139.230.245.23:52078->72.52.4.91:80
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/a919cc19/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/TestSchemas/BroSchema.json
----------------------------------------------------------------------
diff --git a/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/TestSchemas/BroSchema.json b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/TestSchemas/BroSchema.json
new file mode 100644
index 0000000..0105c19
--- /dev/null
+++ b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/TestSchemas/BroSchema.json
@@ -0,0 +1,28 @@
+{
+	"title": "Bro Schema",
+	"type": "object",
+	"properties": {
+		"status_code": {
+			"type": "integer"
+		},
+		"uid": {
+			"type": "string"
+		},
+		"protocol": {
+			"type": "string"
+		},
+		"ip_dst_addr": {
+			"type": "string"
+		},
+		"host": {
+			"type": "string"
+		},		
+		"request_body_len": {
+			"type": "integer"
+		},
+		"response_body_len": {
+			"type": "integer"
+		}	
+	},
+	"required": ["status_code", "uid", "protocol","ip_dst_addr","host","request_body_len","response_body_len"]
+}
\ No newline at end of file
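Review bot: The new schema declares no dialect and leaves the object open, so a parsed message carrying extra or misspelled keys next to the listed ones still validates; if this test schema is meant to pin the parser's output exactly, add `"$schema": "http://json-schema.org/draft-04/schema#"` at the top and `"additionalProperties": false` after the `properties` block. Lines 68 and 74 carry trailing whitespace after their closing braces. As far as their hunks show, the LancopeSchema.json and SourcefireSchema.json changes have the same open-object shape; their file heads lie outside the hunks.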

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/a919cc19/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/TestSchemas/LancopeSchema.json
----------------------------------------------------------------------
diff --git a/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/TestSchemas/LancopeSchema.json b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/TestSchemas/LancopeSchema.json
index 12f326f..9118a93 100644
--- a/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/TestSchemas/LancopeSchema.json
+++ b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/TestSchemas/LancopeSchema.json
@@ -8,15 +8,21 @@
 		"ip_dst_addr": {
 			"type": "string"
 		},
-		"ip_src_port": {
+		"original_string": {
 			"type": "string"
 		},
-		"ip_dst_port": {
+		"@version": {
 			"type": "string"
 		},
-		"protocol": {
+		"timestamp": {
+			"type": "integer"
+		},
+		"type": {
+			"type": "string"
+		},
+		"host": {
 			"type": "string"
 		}
 	},
-	"required": ["ip_src_addr", "ip_dst_addr", "ip_src_port", "ip_dst_port","protocol"]
+	"required": ["ip_src_addr", "ip_dst_addr", "original_string","@version", "timestamp", "type","host"]
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/a919cc19/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/TestSchemas/SourcefireSchema.json
----------------------------------------------------------------------
diff --git a/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/TestSchemas/SourcefireSchema.json b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/TestSchemas/SourcefireSchema.json
index 3984b00..2711909 100644
--- a/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/TestSchemas/SourcefireSchema.json
+++ b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/TestSchemas/SourcefireSchema.json
@@ -8,15 +8,27 @@
 		"ip_dst_addr": {
 			"type": "string"
 		},
-		"ip_src_port": {
+		"timestamp": {
+			"type": "integer"
+		},
+		"protocol": {
+			"type": "string"
+		},
+		"original_string": {
 			"type": "string"
 		},
+		"original_string": {
+			"type": "string"
+		},
+		"ip_src_port": {
+			"type": "string"
+		},		
 		"ip_dst_port": {
 			"type": "string"
 		},
-		"protocol": {
+		"key": {
 			"type": "string"
-		}
+		}	
 	},
-	"required": ["ip_src_addr", "ip_dst_addr", "ip_src_port", "ip_dst_port","protocol"]
+	"required": ["ip_src_addr", "ip_dst_addr", "ip_src_port", "ip_dst_port","protocol","original_string","key","timestamp"]
 }
\ No newline at end of file
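Review bot: `original_string` is declared twice in the new properties block, at lines 131 and 134, with identical bodies; RFC 8259 only says keys SHOULD be unique, so which definition wins depends on the parser, and I-JSON-strict parsers reject the document outright. Drop one of the two `"original_string": { "type": "string" },` entries. Lines 139 and 147 also carry trailing whitespace after their closing braces. The schema document begins before this hunk.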

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/a919cc19/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicFireEyeParserTest.config
----------------------------------------------------------------------
diff --git a/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicFireEyeParserTest.config b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicFireEyeParserTest.config
new file mode 100644
index 0000000..8073cec
--- /dev/null
+++ b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicFireEyeParserTest.config
@@ -0,0 +1,2 @@
+#BasicFireEyeParserTestConfig
+logFile=src/test/resources/FireEyeParserTest.log

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/a919cc19/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicIseParserTest.config
----------------------------------------------------------------------
diff --git a/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicIseParserTest.config b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicIseParserTest.config
new file mode 100644
index 0000000..ac158a5
--- /dev/null
+++ b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicIseParserTest.config
@@ -0,0 +1,2 @@
+#IseParserTestConfig
+logFile=src/test/resources/IseParserTest.log

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/a919cc19/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicLancopeParserTest.config
----------------------------------------------------------------------
diff --git a/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicLancopeParserTest.config b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicLancopeParserTest.config
new file mode 100644
index 0000000..edafc56
--- /dev/null
+++ b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicLancopeParserTest.config
@@ -0,0 +1,2 @@
+#LancopeParserTestConfig
+logFile=src/test/resources/LancopeParserTest.log

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/a919cc19/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicPaloAltoFirewallParserTest.config
----------------------------------------------------------------------
diff --git a/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicPaloAltoFirewallParserTest.config b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicPaloAltoFirewallParserTest.config
new file mode 100644
index 0000000..613c314
--- /dev/null
+++ b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicPaloAltoFirewallParserTest.config
@@ -0,0 +1,2 @@
+#BasicFireEyeParserTestConfig
+logFile=src/test/resources/PaloAltoFirewallParserTest.log
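Review bot: The header comment on line 195, `#BasicFireEyeParserTestConfig`, was carried over from the FireEye config and does not describe this file, which points at PaloAltoFirewallParserTest.log; `#BasicPaloAltoFirewallParserTestConfig` would match. The BasicSourcefireParserTest.config hunk has the same kind of mismatch: its header reads `#BasicSourceFileParserTestConfig` while the file and the log it references are named Sourcefire/SourceFire.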

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/a919cc19/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicSourcefireParserTest.config
----------------------------------------------------------------------
diff --git a/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicSourcefireParserTest.config b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicSourcefireParserTest.config
new file mode 100644
index 0000000..556a54c
--- /dev/null
+++ b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BasicSourcefireParserTest.config
@@ -0,0 +1,2 @@
+#BasicSourceFileParserTestConfig
+logFile=src/test/resources/SourceFireTest.log

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/a919cc19/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BroParserTest.config
----------------------------------------------------------------------
diff --git a/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BroParserTest.config b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BroParserTest.config
new file mode 100644
index 0000000..c50743c
--- /dev/null
+++ b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/BroParserTest.config
@@ -0,0 +1,2 @@
+#BroParserTestConfig
+logFile=src/test/resources/BroParserTest.log

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/a919cc19/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/GrokAsaParserTest.config
----------------------------------------------------------------------
diff --git a/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/GrokAsaParserTest.config b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/GrokAsaParserTest.config
new file mode 100644
index 0000000..2f41210
--- /dev/null
+++ b/opensoc-streaming/OpenSOC-MessageParsers/src/test/resources/config/GrokAsaParserTest.config
@@ -0,0 +1,2 @@
+#GrokParserTestConfig
+logFile=src/test/resources/GrokParserTest.log