elastic / logstash

Logstash - transport and process your logs, events, or other data
https://www.elastic.co/products/logstash

New plugin: Intent classification plugin #10347

Open assaf79 opened 5 years ago

assaf79 commented 5 years ago

Hi,

We'd like to contribute empow's intent classification plugin code to the plugins' repo.

empow's plugin enriches security logs with attackers' intent and additional security information. The plugin is available here. We currently enrich logs from intrusion detection systems, and plan to add support for anti-malware products in the next few days.

Thanks, Assaf

yaauie commented 5 years ago

I'm a little hesitant to pull this plugin into the logstash-plugins org, as none of the Logstash team members have direct experience with the Empow product or its APIs, which makes maintaining it substantially difficult.

I would be glad to do a deep review of the plugin as it stands if you're open to that kind of feedback (likely via PRs and Issues on the project itself), and would also be glad to support making this plugin (and thus, your product) visible to the Logstash community.

Please let me know if this would be a helpful effort so I can add it to my queue :)

assaf79 commented 5 years ago

@yaauie, we would really appreciate any comments you might have regarding the implementation, and also your help in making the filter visible to the community. I guess you're referring to adding us to the documentation of Logstash's filters?

We discussed contributing the plugin with Alvin, who recommended that we maintain the plugin on our repository for the time being.

Thanks, Assaf