SMAPPER committed Jun 27, 2018
1 parent 38d716f commit 578ac34
Showing 1 changed file with 52 additions and 0 deletions.
52 changes: 52 additions & 0 deletions High Fidelity Alerts_Context for your context/parsing.conf
Expand Up @@ -164,6 +164,58 @@ filter {
}
}
}
# Step 7 WHOIS information
if [step] {
if [step] >= 7 {
if "source_top1m" not in [tags] and [source_highest_registered_domain] {
rest {
request => {
url => "http://domain_stats:20000/domain/creation_date/%{source_highest_registered_domain}"
}
sprintf => true
json => false
target => "source_domain_creation_date"
}
}
if "destination_top1m" not in [tags] and [destination_highest_registered_domain] {
rest {
request => {
url => "http://domain_stats:20000/domain/creation_date/%{destination_highest_registered_domain}"
}
sprintf => true
json => false
target => "destination_domain_creation_date"
}
}
}
}
# Step 8 Frequency Analysis
if [step] {
if [step] >= 7 {
# This section will calculate the natural language frequency score of a domain
# assuming the domain is not a top-1m domain and a domain exists
if "source_top1m" not in [tags] and [source_highest_registered_domain] {
rest {
request => {
url => "http://freq_server:10004/measure/%{source_highest_registered_domain}"
}
sprintf => true
json => false
target => "source_domain_frequency_score"
}
}
if "destination_top1m" not in [tags] and [destination_highest_registered_domain] {
rest {
request => {
url => "http://freq_server:10004/measure/%{destination_highest_registered_domain}"
}
sprintf => true
json => false
target => "destination_domain_frequency_score"
}
}
}
}
# This will capture the finish time of the filter processing section and then use it with the
# start time to calculate how long the log took to process.
ruby {
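Review bot: The Step 8 block is gated on `if [step] >= 7`, the same threshold as Step 7, so the `# Step 8 Frequency Analysis` comment and its guard disagree; if the frequency lookup is meant to be a separate stage the guard should read `if [step] >= 8`. More important for a security pipeline, all four `rest` filters interpolate `%{source_highest_registered_domain}` / `%{destination_highest_registered_domain}` straight into the request path with `sprintf => true`; these values are derived from event data (attacker-influenced DNS or proxy records), so a value containing `/`, `?`, `#` or whitespace would change which endpoint of domain_stats or freq_server is reached unless the plugin URL-encodes the path, which nothing in this hunk shows. Consider guarding each lookup with a character-class check such as `if [source_highest_registered_domain] =~ /\A[A-Za-z0-9.-]+\z/` before the `rest` call, and documenting what the event looks like when the lookup service is unreachable, since no `tag_on_failure` or fallback is configured here. The enclosing `filter {` block begins before and continues after this hunk.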
