Add new Alerter: IDMEF with Prelude SIEM #2906
Conversation
Hello, "prelude" comes with the python3-prelude package on Linux distributions. Maybe setup.py is not the right place for this? Regards
Hello, Prelude is now on PyPI: https://pypi.org/project/prelude/
Hello
Regards
7e48055 to 14690f6
Hello, I tried but the Dockerfile-test does not seem to be taken into account. Regards
d688847 to 42c6c04
Travis uses an old Ubuntu. For libprelude with python3 support, we need at least Ubuntu Focal :(
Done for conflict
Hello, Travis uses Ubuntu Xenial for building, but python3.6-prelude comes with Ubuntu Bionic (the next LTS). So it is not possible to install the dependencies through this. To install it with pip, as described in https://pypi.org/project/prelude/, you need to: Is it possible to add this to the configuration? Regards
Hello,
Here is a contribution to make ElastAlert natively compatible with Prelude SIEM.
IDMEF (RFC 4765) is intended to be a standard data format that automated intrusion detection systems can use to report alerts about events that they deem suspicious.
Prelude SIEM is an open-source SIEM (https://www.prelude-siem.org) and is in major Linux distributions (RedHat/CentOS/Fedora/Debian/Ubuntu/etc.).
As other IDSs are already natively compatible with Prelude SIEM (Suricata, OSSEC, Wazuh, ClamAV, etc.), I think it is a good idea to have ElastAlert compatible with Prelude SIEM.
Regards
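To make the IDMEF data model concrete, here is an added example that is not code from this pull request, from ElastAlert or from Prelude. The PR's alerter sends alerts through libprelude (the `prelude` package on PyPI); this example instead writes the RFC 4765 XML directly with the Python standard library so it runs without that dependency, and it reads the fields back out the way a receiving SIEM would. The rule dict, the match dict, the `source.ip`/`destination.ip` field names, the analyzer id and the fixed timestamp are all constructed for the example.

```python
"""Serialize an ElastAlert-style match into an RFC 4765 IDMEF <Alert> document."""
import ipaddress
import uuid
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

IDMEF_NS = "http://iana.org/idmef"               # namespace defined by RFC 4765
NTP_EPOCH_OFFSET = 2208988800                    # seconds from 1900-01-01 to 1970-01-01
SEVERITIES = ("info", "low", "medium", "high")   # Impact@severity values in RFC 4765

ET.register_namespace("idmef", IDMEF_NS)


def _el(parent, tag, content=None, **attrs):
    """Create a namespaced child element; attributes set to None are dropped."""
    child = ET.SubElement(parent, f"{{{IDMEF_NS}}}{tag}",
                          {k: v for k, v in attrs.items() if v is not None})
    if content is not None:
        child.text = str(content)
    return child


def ntpstamp(dt):
    """CreateTime must carry an NTP timestamp ("0x<seconds>.0x<fraction>")."""
    secs = dt.timestamp() + NTP_EPOCH_OFFSET
    whole = int(secs)
    frac = int(round((secs - whole) * (1 << 32))) & 0xFFFFFFFF
    return f"0x{whole:08x}.0x{frac:08x}"


def _address_category(value):
    """Map an address to the Address@category vocabulary; fall back to 'unknown'."""
    try:
        return "ipv4-addr" if ipaddress.ip_address(value).version == 4 else "ipv6-addr"
    except ValueError:
        return "unknown"


def _endpoint(alert, tag, address):
    """Emit <Source> or <Target> holding a <Node><Address> for one IP."""
    node = _el(_el(alert, tag), "Node")
    addr = _el(node, "Address", category=_address_category(address))
    _el(addr, "address", address)


def build_idmef_alert(rule, match, severity="medium", now=None,
                      source_field="source.ip", target_field="destination.ip"):
    """Return an IDMEF-Message (XML text) describing one matched event."""
    if severity not in SEVERITIES:
        raise ValueError(f"severity must be one of {SEVERITIES}")
    now = now or datetime.now(timezone.utc)

    root = ET.Element(f"{{{IDMEF_NS}}}IDMEF-Message", version="1.0")
    alert = _el(root, "Alert", messageid=str(uuid.uuid4()))

    # Child order follows the RFC: Analyzer, CreateTime, Source*, Target*,
    # Classification, Assessment, AdditionalData*.
    analyzer = _el(alert, "Analyzer", analyzerid="elastalert-example",  # assumed id
                   name="ElastAlert", model="IDMEF alerter (example)")
    _el(_el(analyzer, "Node"), "name", "elastalert-host")               # constructed
    _el(alert, "CreateTime", now.isoformat(), ntpstamp=ntpstamp(now))
    if match.get(source_field):
        _endpoint(alert, "Source", match[source_field])
    if match.get(target_field):
        _endpoint(alert, "Target", match[target_field])
    # Classification is mandatory; its text attribute names the detected event.
    classification = _el(alert, "Classification", text=rule["name"])
    if rule.get("reference_url"):
        ref = _el(classification, "Reference", origin="vendor-specific")
        _el(ref, "name", rule["name"])
        _el(ref, "url", rule["reference_url"])
    _el(_el(alert, "Assessment"), "Impact", severity=severity)
    # Carry the remaining event fields as typed AdditionalData so nothing is lost.
    for key, value in sorted(match.items()):
        _el(_el(alert, "AdditionalData", type="string", meaning=key), "string", value)
    return ET.tostring(root, encoding="unicode")


def summarize(xml_text):
    """Read back the fields a receiving SIEM would key on."""
    ns = {"i": IDMEF_NS}
    alert = ET.fromstring(xml_text).find("i:Alert", ns)
    addr = "i:Node/i:Address"
    return {
        "classification": alert.find("i:Classification", ns).get("text"),
        "severity": alert.find("i:Assessment/i:Impact", ns).get("severity"),
        "ntpstamp": alert.find("i:CreateTime", ns).get("ntpstamp"),
        "source": [a.text for a in alert.findall(f"i:Source/{addr}/i:address", ns)],
        "source_category": [a.get("category") for a in alert.findall(f"i:Source/{addr}", ns)],
        "target": [a.text for a in alert.findall(f"i:Target/{addr}/i:address", ns)],
        "target_category": [a.get("category") for a in alert.findall(f"i:Target/{addr}", ns)],
        "additional": {d.get("meaning"): d.find("i:string", ns).text
                       for d in alert.findall("i:AdditionalData", ns)},
    }


# Constructed sample input (an ElastAlert rule and one matching document).
SAMPLE_RULE = {"name": "SSH brute force",
               "reference_url": "https://example.invalid/rules/ssh-bruteforce"}
SAMPLE_MATCH = {"source.ip": "198.51.100.23", "destination.ip": "2001:db8::10",
                "user.name": "root", "num_hits": "57"}
FIXED_TIME = datetime(2024, 1, 1, tzinfo=timezone.utc)   # keeps output reproducible


def example_alert():
    return build_idmef_alert(SAMPLE_RULE, SAMPLE_MATCH, severity="high", now=FIXED_TIME)


if __name__ == "__main__":
    print(example_alert())
```

The strict severity vocabulary and the fixed child order are what make the document acceptable to a schema-validating consumer; a real alerter would also fill `DetectTime` from the event's `@timestamp` and let the analyzer id come from configuration rather than a constant.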