Hortonworks Cybersecurity Platform
Also available as:
PDF
loading table of contents...

Snort

Snort is one of the telemetry data source parsers that are bundled in Hortonworks Cybersecurity Platform (HCP).

Snort is a network intrusion prevention systems (NIPS). Snort monitors network traffic and generates alerts based on signatures from community rules. Hortonworks Cybersecurity Platform (HCP) sends the output of the packet capture probe to Snort. HCP uses the kafka-console-producer to send these alerts to a Kafka topic. After the Kafka topic receives Snort alerts, they are retrieved by the parsing topology in Storm.

By default, the Snort parser uses ZoneId.systemDefault() as the source time zone for the incoming data and MM/dd/yy-HH:mm:ss.SSSSSS as the default date format. Valid time zones are determined according to the Java ZoneId.getAvailableZoneIds() values. DateFormats should match options at https://docs.oracle.com/javase/8/docs/api/java/time/format/DateTimeFormatter.html.

Following is a sample configuration with dateFormat and timeZone explicitly set in the parser configuration file:

"parserConfig": {
"dateFormat" : "MM/dd/yy-HH:mm:ss.SSSSSS",
"timeZone" : "America/New_York"
}