Uploaded image for project: 'Metron (Retired)'
  1. Metron (Retired)
  2. METRON-185

Create McAfee NSM Firewall Parser

Add voteWatch issue
    XMLWordPrintableJSON

Details

    • New Feature
    • Status: To Do
    • Minor
    • Resolution: Unresolved
    • None
    • None

    Description

      Create a parser for the McAfee NSM Firewall Parser. How they should be parsed is specified below.

      <188>Apr 15 16:35:41 GMT mabm011q AclLog: mabm011q matched Outbound ACL rule (COM Baseline Firewall/#3) 60.210.64.70 -> 200.60.213.21:443 (ssl/SSL/TLS (HTTPS)) = ->PERMIT|N/A|N/A

      {
      "priority":188,
      "timestamp":1460738141000,
      "hostname":"mabm011q",
      "firewall_rule":"COM Baseline Firewall/#3",
      "firewall_direction":"Outbound",
      "ip_src_addr":"60.210.64.70",
      "ip_dst_addr":"200.60.213.21",
      "ip_dst_port":"443",
      "protocol":"ssl",
      "subprotocol":"SSL/TLS (HTTPS)",
      "action":"PERMIT"
      }

      Attachments

        Activity

          People

            Unassigned Unassigned
            JonathanRider Jonathan Rider
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:

              Slack

                Issue deployment