mozilla
/
MozDef
зеркало из https://github.com/mozilla/MozDef.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Make basic concepts a list

This commit is contained in:
Jonathan Claudius 2018-11-01 15:02:51 -04:00
Родитель 2627efc842
Коммит 978ec15244
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4BCDD990313DFA87
1 изменённых файлов: 3 добавлений и 3 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

6
docs/source/alert_development_guide.rst
Просмотреть файл

@ -54,9 +54,9 @@ At this point, begin development and periodically run your unit-tests locally wi
Background on concepts
----------------------
Logs - These are individual log line that are emitted from systems, like an Apache log
Events - These logs parsed into a JSON format, which exist in MozDef and used with the ELK stack
Alerts - These are effectively either a 1:1 events to alerts (this thing happens and alert) or a M:1 events to alerts (N of these things happen and alert).
- Logs - These are individual log line that are emitted from systems, like an Apache log
- Events - These logs parsed into a JSON format, which exist in MozDef and used with the ELK stack
- Alerts - These are effectively either a 1:1 events to alerts (this thing happens and alert) or a M:1 events to alerts (N of these things happen and alert).
When writing alerts, it's important to keep the above concepts in mind.