0 Replies Latest reply on Oct 31, 2018 8:15 PM by jimhansen

    Need a plugin for Threat Monitor?  Just ask.

    jimhansen

      We've had a number of questions come up recently about how to get a new data source into Threat Monitor.  We do this using plugins.  Plugins are basically parsers used to extract the relevant data from the events within the data source and normalize them for upstream processing within Threat Monitor.  If you need a plugin for a new data source, you simply need to open a support request.  You'll need to include the following information:

      1. Vendor Name
      2. Product Name
      3. Product Version
      4. Short description of how to collect data from this data source (e.g. syslog, flat file in directory xyz, database SQL query, etc.)
      5. Short description of what you are looking to do with the data once collected.  For example, are you looking to generate alarms based on certain conditions?  Reporting?  If so, any particular questions you are trying to answer?
      6. Sample file that includes a representative sample of the data.  Ideally, this includes a few different examples of each event type contained within, but we can always start with whatever you give us.

      Depending on the collection mechanism, what we know about the data, and what we can learn about the data from you and the vendor, we can usually turn a plugin around pretty quickly.  Although we do not have an SLA, we will strive to build the plugin for you as quickly as possible.