First off, welcome to the community! Your project sounds quite exciting with such a wide range of partner organizations.
It sounds like you have existing telemetry data, already JSON objects, which you'd like to ingest into Metron. I'd suggest starting with the JSONMapParser and using fieldTransformations to adapt your data into the standard Metron fields (e.g. timestamp, ip_src_addr, ip_dst_addr, etc). There is some good documentation on setting up these parser configurations here [1]. We are an active community so if you run into any questions just shoot an email out to the list or join us on IRC. -Kyle [1] https://github.com/apache/metron/tree/master/metron- platform/metron-parsers On Wed, Jul 12, 2017 at 10:27 AM, Antonio Pérez Bautista <apbauti...@gmv.com > wrote: > Hello, > > > > My name is Antonio Perez and I work as a developer in GMV. > > > > We joined the mailing list of users and developers because in our company > we are currently developing a project called PROTECTIVE for the European > Commission. In this project we have joined several companies from Europe (3 > NRENs, 3 academic and 4 commercial partners from 8 countries) to try to > develop a solution designed to improve an organization's ongoing awareness > of the risk posed to its business by cyber security attacks. > > > > This solution is based on improved security monitoring and increased > sharing of threat intelligence between organizations within a community, > and ranks critical alerts based on the potential damage the attack can > inflict on the threatened assets and hence to the business organizations. > > > > GMV thinks METRON could be a good tool for the project. We would like to > test it and try to integrate with the solution. If everything goes as we > expect, then we will try to get the commitment of the others companies. > > > > For now we are working with metron-docker, and we followed the little > example on github. So now, what we would like to do is to add our > information on a specific json format to the METRON solution. We have not > found examples of that and some help here could be really great. > > > > Thanks and regards! > > > > > > [image: cid:image001.gif@01D2FB27.1447C5B0] > > *Antonio Pérez Bautista* > > Ingeniero Tecnología y Servicios Secure e-Solutions / Technology Engineer > and Secure service e-Solutions > > GMV > Balmes 268-270, 5ª Planta > E-08006 Barcelona > Tel. +34 93 272 18 48 > Fax +34 93 215 61 87 > www.gmv.com > > [image: cid:image002.png@01D2FB27.1447C5B0] > <http://www.facebook.com/infoGMV> > > [image: cid:image003.png@01D2FB27.1447C5B0] > <http://www.twitter.com/infoGMV_es> > > [image: cid:image004.png@01D2FB27.1447C5B0] > <https://plus.google.com/+Gmvcompany> > > [image: cid:image005.png@01D2FB27.1447C5B0] > <http://www.youtube.com/infoGMV> > > [image: cid:image006.png@01D2FB27.1447C5B0] > <https://www.linkedin.com/company/gmv> > > [image: cid:image007.png@01D2FB27.1447C5B0] <http://www.gmv.com/en/RSS> > > > > [image: cid:image008.png@01D2FB27.1447C5B0] > <http://www.gmv.com/blog_gmv/language/en/> > > > > > > P Please consider the environment before printing this e-mail. > > ------------------------------ > This message including any attachments may contain confidential > information, according to our Information Security Management System, and > intended solely for a specific individual to whom they are addressed. Any > unauthorised copy, disclosure or distribution of this message is strictly > forbidden. If you have received this transmission in error, please notify > the sender immediately and delete it. Thank you. > ------------------------------ > Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede > contener información clasificada por su emisor como confidencial en el > marco de su Sistema de Gestión de Seguridad de la Información siendo para > uso exclusivo del destinatario, quedando prohibida su divulgación copia o > distribución a terceros sin la autorización expresa del remitente. Si Vd. > ha recibido este mensaje erróneamente, se ruega lo notifique al remitente y > proceda a su borrado. Gracias por su colaboración. > ------------------------------ > Esta mensagem, incluindo qualquer ficheiro anexo, pode conter informação > confidencial, de acordo com nosso Sistema de Gestão de Segurança da > Informação, sendo para uso exclusivo do destinatário e estando proibida a > sua divulgação, cópia ou distribuição a terceiros sem autorização expressa > do remetente da mesma. Se recebeu esta mensagem por engano, por favor avise > de imediato o remetente e apague-a. Obrigado pela sua colaboração. > ------------------------------ > >
