[jira] [Updated] (METRON-159) Create a parser for Ironport
[ https://issues.apache.org/jira/browse/METRON-159?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Casey Stella updated METRON-159:

    Fix Version/s:     (was: 0.2.2BETA)

> Create a parser for Ironport
> ----------------------------
>
>                 Key: METRON-159
>                 URL: https://issues.apache.org/jira/browse/METRON-159
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: sagar gaikwad
>            Assignee: James Sirota
>            Priority: Minor
>              Labels: ParserExtension, platform
>   Original Estimate: 1m
>  Remaining Estimate: 1m
>
> Create a Metron telemetry to parse Ironport data. Included below is raw data sample and expected parsed output.
>
> Raw data example 1:
> <22>May 05 10:41:27 infosec_OutboundMailLogs: Info: MID DKIM: signing with abc_com - matches microsoftexchange33ee33eee...@abc.com
>
> Parsed data o/p:
> {"original_string":"<22>May 05 10:41:27 infosec_OutboundMailLogs: Info: MID 360303162 DKIM: signing with abc_com - matches microsoftexchange33ee33eee...@abc.com","level":"Info","source_type":"Ironport","source":"infosec_OutboundMailLogs","message":"MID DKIM: signing with abc_com - matches microsoftexchange33ee33eee...@abc.com","priority":"22","timestamp":1462459287000}
>
> Raw Data Example 2:
> <22>May 05 10:41:56 infosec_InboundMailLogs: Info: ICID 11 close
>
> Parsed data o/p:
> {"original_string":"<22>May 05 10:41:56 infosec_InboundMailLogs: Info: ICID 11 close","level":"Info","source_type":"Ironport","source":"infosec_InboundMailLogs","message":"ICID 11 close","priority":"22","timestamp":1462459316000}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (METRON-159) Create a parser for Ironport
[ https://issues.apache.org/jira/browse/METRON-159?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Casey Stella updated METRON-159:

    Assignee:     (was: James Sirota)

> Create a parser for Ironport
> ----------------------------
>
>                 Key: METRON-159
>                 URL: https://issues.apache.org/jira/browse/METRON-159
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: sagar gaikwad
>            Priority: Minor
>              Labels: ParserExtension, platform
>   Original Estimate: 1m
>  Remaining Estimate: 1m
[jira] [Updated] (METRON-159) Create a parser for Ironport
[ https://issues.apache.org/jira/browse/METRON-159?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David M. Lyle updated METRON-159:

    Labels: ParserExtension platform  (was: ParserExtension)

> Create a parser for Ironport
> ----------------------------
>
>                 Key: METRON-159
>                 URL: https://issues.apache.org/jira/browse/METRON-159
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: sagar gaikwad
>            Assignee: James Sirota
>            Priority: Minor
>              Labels: ParserExtension, platform
>             Fix For: 0.2.2BETA
>
>   Original Estimate: 1m
>  Remaining Estimate: 1m
[jira] [Updated] (METRON-159) Create a parser for Ironport
[ https://issues.apache.org/jira/browse/METRON-159?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Sirota updated METRON-159:

    Assignee: Casey Stella

> Create a parser for Ironport
> ----------------------------
>
>                 Key: METRON-159
>                 URL: https://issues.apache.org/jira/browse/METRON-159
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: sagar gaikwad
>            Assignee: Casey Stella
>            Priority: Minor
>              Labels: ParserExtension
>   Original Estimate: 1m
>  Remaining Estimate: 1m
[jira] [Updated] (METRON-159) Create a parser for Ironport
[ https://issues.apache.org/jira/browse/METRON-159?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Sirota updated METRON-159:

    Labels: ParserExtension  (was: )

> Create a parser for Ironport
> ----------------------------
>
>                 Key: METRON-159
>                 URL: https://issues.apache.org/jira/browse/METRON-159
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: sagar gaikwad
>            Priority: Minor
>              Labels: ParserExtension
>   Original Estimate: 1m
>  Remaining Estimate: 1m
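
An added example, not part of the thread and not Metron's own parser code: a standalone Python sketch that turns a line of the shape shown in the issue description into the requested fields. The function name parse_ironport and its year and utc_offset_hours parameters are assumptions; the syslog header carries neither a year nor a time zone, and the expected timestamps in the issue (1462459287000 and 1462459316000) only come out when the log time is read as 2016 at UTC-4, so both have to be supplied to the parser.

```python
import re
from datetime import datetime, timedelta, timezone

# Layout taken from the two samples: <PRI>Mon DD HH:MM:SS source: Level: message
LINE_RE = re.compile(
    r"^<(?P<priority>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<source>[^\s:]+): "
    r"(?P<level>[A-Za-z]+): "
    r"(?P<message>.*)$"
)


def parse_ironport(line, year, utc_offset_hours):
    """Return the parsed record as a dict, or None if the line does not fit."""
    raw = line.rstrip("\r\n")
    m = LINE_RE.match(raw)
    if m is None:
        return None  # unparseable input is rejected, not guessed at
    try:
        # The syslog header has no year or zone; both are caller-supplied (assumption).
        local = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None  # header looked right but is not a real date, e.g. "Feb 31"
    zone = timezone(timedelta(hours=utc_offset_hours))
    return {
        "original_string": raw,
        "level": m["level"],
        "source_type": "Ironport",
        "source": m["source"],
        "message": m["message"],
        "priority": m["priority"],
        "timestamp": int(local.replace(tzinfo=zone).timestamp()) * 1000,
    }


# Constructed inputs modelled on the issue's samples; the address in SAMPLE_1 is a
# placeholder because the archive elides the original one.
SAMPLE_1 = ("<22>May 05 10:41:27 infosec_OutboundMailLogs: Info: MID 360303162 "
            "DKIM: signing with abc_com - matches user@example.com")
SAMPLE_2 = "<22>May 05 10:41:56 infosec_InboundMailLogs: Info: ICID 11 close"

if __name__ == "__main__":
    for sample in (SAMPLE_1, SAMPLE_2):
        print(parse_ironport(sample, 2016, -4))
```
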