
Metron - Snort/Bro/Yaf logs not getting pushed to Alerts UI


Metron - Snort/Bro/Yaf logs not getting pushed to Alerts UI


We have pushed Snort/Bro/Yaf logs into Metron and can now see them in Kibana (the Metron Dashboard). How do we get these events to show up in the Metron Alerts UI? Nothing appears there at present. Could you advise on the configuration required? Below is a sample Snort document exactly as it was indexed in Elasticsearch. Two things in it are worth checking against the Alerts UI configuration: `is_alert` is stored as the string "true" (with a triage score of 10), and the index name appears to carry the `_index_<date>` suffix twice (`snort_index_2019.04.08.12_index_2019.04.08.12`), which may not match the index pattern the Alerts UI queries.


{
"_index": "snort_index_2019.04.08.12_index_2019.04.08.12",
"_type": "snort_doc",
"_id": "AWn7zOh6RciyMRiyIam6",
"_version": 1,
"_score": null,
"_source": {
"msg": "'snort test alert'",
"enrichments:geo:ip_dst_addr:location_point": "55.7386,37.6068",
"sig_rev": "0",
"ip_dst_port": "80",
"ethsrc": "00:00:00:00:00:00",
"threat:triage:rules:0:comment": null,
"tcpseq": "0xC0313235",
"dgmlen": "395",
"adapter:geoadapter:begin:ts": "1554385364877",
"tcpwindow": "0xF76E",
"enrichments:geo:ip_dst_addr:latitude": "55.7386",
"threat:triage:rules:0:name": null,
"parallelenricher:enrich:end:ts": "1554385364913",
"tcpack": "0xD1FE03DC",
"protocol": "TCP",
"source:type": "snort",
"adapter:threatinteladapter:end:ts": "1554385364913",
"ip_dst_addr": "95.163.121.204",
"original_string": "01/11/17-21:32:35.847685 ,1,999158,0,\"'snort test alert'\",TCP,192.168.138.158,49207,95.163.121.204,80,00:00:00:00:00:00,00:00:00:00:00:00,0x199,***AP***,0xC0313235,0xD1FE03DC,,0xF76E,128,0,2559,395,142340,,,,",
"adapter:hostfromjsonlistadapter:end:ts": "1554385364877",
"tos": "0",
"adapter:geoadapter:end:ts": "1554385364877",
"id": "2559",
"ip_src_addr": "192.168.138.158",
"enrichments:geo:ip_dst_addr:longitude": "37.6068",
"threat:triage:rules:0:score": "10",
"timestamp": 1484150555847,
"ethdst": "00:00:00:00:00:00",
"threat:triage:rules:0:reason": null,
"parallelenricher:enrich:begin:ts": "1554385364913",
"threat:triage:score": 10,
"is_alert": "true",
"adapter:hostfromjsonlistadapter:begin:ts": "1554385364877",
"ttl": "128",
"parallelenricher:splitter:begin:ts": "1554385364913",
"ethlen": "0x199",
"iplen": "142340",
"ip_src_port": "49207",
"parallelenricher:splitter:end:ts": "1554385364913",
"adapter:threatinteladapter:begin:ts": "1554385364913",
"tcpflags": "***AP***",
"guid": "fc1aa200-9187-4052-9a06-1f1812557bea",
"enrichments:geo:ip_dst_addr:country": "RU",
"sig_id": "999158",
"sig_generator": "1"
},
"fields": {
"adapter:geoadapter:begin:ts": [
1554385364877
],
"adapter:hostfromjsonlistadapter:begin:ts": [
1554385364877
],
"adapter:threatinteladapter:end:ts": [
1554385364913
],
"adapter:hostfromjsonlistadapter:end:ts": [
1554385364877
],
"adapter:threatinteladapter:begin:ts": [
1554385364913
],
"adapter:geoadapter:end:ts": [
1554385364877
],
"timestamp": [
1484150555847
]
},
"sort": [
1484150555847
]
}