features need to be broken up into separate issues

[giovino]

omni-tool (data normalization)

• [x] Can be run as a service/damon
• [ ] Input: http, stdin, file, tail (file), REST API (JSON), tcp socket, syslog socket
• [ ] Parser: csv, pipe, regex, json, delimited, rss, xml, html, text, email, syslog, stix
• [x] Output: csv, html, json, table, xml, stix
• [x] Application support (in and out):
  • CIF, csirtg, Security Onion, Suricata, Snort, Bro, HoneyDrive, Kippo, SpamAssassin, DenyHosts, Cuckoo, Logstash, CRITS, Viper, etc

[wesyoung]

https://isc.sans.edu/diary/Feeding+DShield+with+OSSEC+Logs/20141 https://github.com/xme/ossec2dshield https://github.com/xme/ossec2dshield/blob/master/ossec2dshield.pl

(process logs?)

[wesyoung]

https://github.com/fail2ban/fail2ban/blob/master/config/action.d/badips.conf https://github.com/fail2ban/fail2ban/blob/master/config/action.d/ https://github.com/denyhosts/denyhosts/tree/master/plugins