
Integrating McAfee SIEM with Apache Nifi Video 2/3




In this second video, I show how to create a workflow blueprint. The workflow performs the following steps:


  1. Collect information from Twitter and filter it by some keywords. To do this, certain credentials must be obtained from the Twitter API (consumer secret and access token secret); the sensitive information is not shown in the video.
  2. Next, pull the key attributes from the Twitter JSON string, so we don't have to deal with information we are not interested in. In this example I am extracting the user name, the language used and the message.
  3. Next, check that it is in fact a Twitter message and, if so, route the information to the next step.
  4. Next, the traffic flow is transformed into a JSON string.
  5. The last step is to send the information as the message string of a syslog event to the receiver.
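The data handling in steps 2 to 5, as an added example in plain Python rather than the NiFi flow shown in the video. The tweet field names, the host name `nifi01`, the app name `twitter` and the RFC 5424 framing are assumptions, and the sample input is constructed.

```python
import json
from datetime import datetime, timezone
from typing import Optional

# Where each attribute from step 2 lives in the tweet JSON (assumed names).
FIELDS = {"user": ("user", "screen_name"), "lang": ("lang",), "msg": ("text",)}

def extract(tweet) -> Optional[dict]:
    """Steps 2-3: keep three attributes; return None when it is not a tweet."""
    out = {}
    for name, path in FIELDS.items():
        node = tweet
        for key in path:
            node = node.get(key) if isinstance(node, dict) else None
        out[name] = node
    # Delete notices and other stream events have no text: do not route them.
    return out if isinstance(out["msg"], str) and out["msg"] else None

def to_syslog(attrs: dict, when: datetime, host="nifi01", app="twitter") -> str:
    """Steps 4-5: JSON-encode the attributes and wrap them in one syslog line."""
    pri = 16 * 8 + 6  # facility local0, severity informational -> 134
    ts = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # json.dumps escapes CR/LF, so tweet text cannot split or forge an event.
    body = json.dumps(attrs, sort_keys=True)
    return f"<{pri}>1 {ts} {host} {app} - - - {body}"

def process(raw: str, when: datetime) -> Optional[str]:
    """Run one raw stream message through steps 2-5; None means dropped."""
    try:
        attrs = extract(json.loads(raw))
    except json.JSONDecodeError:
        return None
    return to_syslog(attrs, when) if attrs else None

# Constructed sample input: a tweet with an embedded newline, and a delete notice.
TWEET = json.dumps({"user": {"screen_name": "alice"}, "lang": "en",
                    "text": "patch now\n<13>1 forged", "id": 1})
DELETE = json.dumps({"delete": {"status": {"id": 1}}})
WHEN = datetime(2020, 1, 1, 12, 0, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for raw in (TWEET, DELETE):
        print(process(raw, WHEN))
```

Because the tweet text is untrusted, the single-line JSON body is what keeps one tweet mapped to exactly one event at the receiver.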


In the SIEM receiver we create a data source and log the syslog information as unknown. In the next post I will create a parser so the information is parsed correctly.

