It would be executed after threat intel / triage scoring. Could you give an example of either solution? I did look into using stellar functions but wasn't sure how to call a seperate method using stellar, how would I would I make the new method accessible using stellar functions?
Regards, Tyler Moore Software Engineer Phone: 248-909-2769 Email: [email protected] On Fri, Dec 30, 2016 at 3:08 PM, Otto Fowler <[email protected]> wrote: > Or a Maas service? > > > On December 30, 2016 at 13:52:06, [email protected] ([email protected]) > wrote: > > Depending on the details it sounds like a much simpler solution would be to > handle this in a Stellar function. > > Jon > > On Fri, Dec 30, 2016, 13:27 Tyler Moore <[email protected]> wrote: > > > Happy Holidays Metron Devs! > > > > Could anyone lend me some guidance on customizing the storm topologies in > > metron? What I am am trying to accomplish: > > > > 1) Add a method to the threat intel joiner bolt that sends an http post > > with the score of the threat to a remote rest api. This will > conditionally > > trigger notifications based on user settings in another database (the > > backend processing logic is on another platform). > > The score should be available within the JSONObject but I am not an > expert > > with storm and I am not completely understanding what conditions > constitute > > when the threat feed is considered an "alert" in metron. Please clarify. > > > > 2) How would I add an external dependency, my http rest java class, to > the > > metron maven build process? More specifically, if I was adding a custom > > class that needed accessed by a bolt in storm, how would I add this in > > maven as a dependency. I have limited experience with maven but, my > > understanding is that I would add it to the pom.xml and recompile. > > Although, the metron quick dev platform is built on a vm, would I need to > > account for this? Please advise. > > > > Regards, > > > > Tyler Moore > > > > > > Software Engineer > > Phone: 248-909-2769 > > Email: [email protected] > > > -- > > Jon > > Sent from my mobile device >
