Snort

Snort is one of the telemetry data source parsers that are bundled in Cloudera Cybersecurity Platform (CCP).

Snort is a network intrusion prevention systems (NIPS). Snort monitors network traffic and generates alerts based on signatures from community rules. Cloudera Cybersecurity Platform (CCP) sends the output of the packet capture probe to Snort. CCP uses the kafka-console-producer to send these alerts to a Kafka topic. After the Kafka topic receives Snort alerts, they are retrieved by the parsing topology in Storm.

By default, the Snort parser uses ZoneId.systemDefault() as the source time zone for the incoming data and MM/dd/yy-HH:mm:ss.SSSSSS as the default date format. Valid time zones are determined according to the Java ZoneId.getAvailableZoneIds() values. DateFormats should match options at https://docs.oracle.com/javase/8/docs/api/java/time/format/DateTimeFormatter.html.

Following is a sample configuration with dateFormat and timeZone explicitly set in the parser configuration file:

"parserConfig": {
"dateFormat" : "MM/dd/yy-HH:mm:ss.SSSSSS",
"timeZone" : "America/New_York"
}