Hi, I am planning to use Metron as a SIEM and am exploring its features. Thanks for the great documentation; it helped a lot to set it up quickly. Initially I configured snort, bro, and yaf logs to flow into Metron. For snort, I could see threat triage rules configured in the Metron enrichment config. But for bro logs, the is_alert field is blank. I verified the data in Kibana. Though is_alert is blank, those logs also appear in the Metron Alerts UI. How is this possible? I also pushed JSON data to the new data source that I configured and created a new Elasticsearch template. When reading the README file, it mentions creating a metron_alert field. What is the difference between is_alert and metron_alert?
What configuration is needed to push data as alerts into the Metron Alerts UI? I can see that logs are being parsed, enriched, and indexed in Elasticsearch, so I created a Kibana dashboard. But I couldn't find anything in the Alerts UI. What should I do? Any help is highly appreciated. Thanks, Jai
