Hello,
Just wondering if Metron has a feature to email alerts based on rules that a user defines.

Example:
Rule A: Email the user [EMAIL PROTECTED] whenever ip_src_addr=100.2.10.*
Rule B: Email the user [EMAIL PROTECTED] whenever payload contains "critical"

If not, does anyone have any recommendations on where to code these rules in the Metron stack that uses attributes from the GROK parser?
-Ahmed
_______________________________________________________________
Ahmed Shah (PMP, M. Eng.)
Cybersecurity Analyst & Developer
GCR - Cybersecurity Operations Center
Carleton University - cugcr.com<https://cugcr.com/tiki/lce/index.php>