Happy Holidays Metron Devs! Could anyone lend me some guidance on customizing the storm topologies in metron? What I am am trying to accomplish:
1) Add a method to the threat intel joiner bolt that sends an http post with the score of the threat to a remote rest api. This will conditionally trigger notifications based on user settings in another database (the backend processing logic is on another platform). The score should be available within the JSONObject but I am not an expert with storm and I am not completely understanding what conditions constitute when the threat feed is considered an "alert" in metron. Please clarify. 2) How would I add an external dependency, my http rest java class, to the metron maven build process? More specifically, if I was adding a custom class that needed accessed by a bolt in storm, how would I add this in maven as a dependency. I have limited experience with maven but, my understanding is that I would add it to the pom.xml and recompile. Although, the metron quick dev platform is built on a vm, would I need to account for this? Please advise. Regards, Tyler Moore Software Engineer Phone: 248-909-2769 Email: [email protected]
