
Pull analytics from Unfetter Discover and run them against Elasticsearch

Open infosec-alchemist opened this issue 6 years ago • 0 comments

In addition to the CAR analytics, we want to poll Unfetter Discover for the analytic scripts and then run those analytics against Unfetter Analytic.

  • [ ] The data model in Elasticsearch must match the scripted analytic.
  • [ ] Be able to support AT LEAST one analytic, one that is very focused on a single Event ID, for easy testing.
  • [ ] Must push the alert and the sighting.
  • [ ] Must be able to pull ONE observed-data object, but I'm not sure how to manage that.

infosec-alchemist, Mar 30 '18 19:03