You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@metron.apache.org by "Jon Zeolla (JIRA)" <ji...@apache.org> on 2016/11/03 17:41:58 UTC

[jira] [Created] (METRON-546) Provide a default profiler for monitoring abuse of Metron limitations

Jon Zeolla created METRON-546:
---------------------------------

             Summary: Provide a default profiler for monitoring abuse of Metron limitations
                 Key: METRON-546
                 URL: https://issues.apache.org/jira/browse/METRON-546
             Project: Metron
          Issue Type: Sub-task
            Reporter: Jon Zeolla
            Priority: Minor


Knowing that there are certain limitations imposed in the Metron environment, especially in areas which could be attacker controlled, we should provide a profiler which monitors abuse of those limitations and can be exposed to Metron users in the UI.  My initial thought is something like foreach fields_truncated, onlyif fields_truncated != null, groupBy ip_src_addr, which could then be exposed to the Metron users for monitoring purposes, and potentially set thresholds at which alerts are generated.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)