Thomas Bailet
This processor gets data from many threat intelligence providers and tags events whose IPs are on a blacklist. Each threat intel source has two components: an enrichment data source and an...
Event correlation is finding relationships between seemingly unrelated events in data from multiple sources. For example, you can track a series of related events as a single transaction to measure...
Given a sample of log lines or raw records (100 or more), this processor should give back an Avro schema and a processor parser config (regex pattern and so on)...
We've detected a regression with the set-manual-offset flag (in Spark 1.6), and in Spark 2 with the ability to replay from 0 (or even better from a specific...
https://www.youtube.com/watch?v=tUASgZN3PDM https://www.slideshare.net/HadoopSummit/using-sequence-statistics-to-fight-advanced-persistent-threats In a persistent threat, the attacker often penetrates a system but exploits information captured there elsewhere at a throttled rate to avoid detection. In some cases, the attacker...
=> maybe just templates or a mapping config to handle a uniform naming convention: https://github.com/apache/incubator-spot/blob/master/docs/open-data-model/open-data-model.md Have a look at: https://github.com/Open-Network-Insight/open-network-insight