You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@metron.apache.org by "Jon Zeolla (JIRA)" <ji...@apache.org> on 2016/11/03 17:41:58 UTC
[jira] [Created] (METRON-546) Provide a default profiler for
monitoring abuse of Metron limitations
Jon Zeolla created METRON-546:
---------------------------------
Summary: Provide a default profiler for monitoring abuse of Metron limitations
Key: METRON-546
URL: https://issues.apache.org/jira/browse/METRON-546
Project: Metron
Issue Type: Sub-task
Reporter: Jon Zeolla
Priority: Minor
Knowing that there are certain limitations imposed in the Metron environment, especially in areas which could be attacker controlled, we should provide a profiler which monitors abuse of those limitations and can be exposed to Metron users in the UI. My initial thought is something like foreach fields_truncated, onlyif fields_truncated != null, groupBy ip_src_addr, which could then be exposed to the Metron users for monitoring purposes, and potentially set thresholds at which alerts are generated.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)