dev, I recently created a demo environment where two remote MiNiFi instances (m1 and m2) were sending diverse range of security telemetry (suspicious email attachments, syslog streams, individual session honeypot logs, merged honeypot session logs, etc) from edge to DC via S2S Input ports
Once some of this data was processed at the hub I then used Output ports to send contents back to the spokes, where the minifi instances use the flowfiles contents as arguments of OS commands (called via Gooovy String.execute().text via ExecuteScript). The idea being to show how NiFi can be used in basic security orchestration (in this case updating m1's firewall tables with malicious IPs observed in m2 and vice versa). While crafting the demo I noticed the Output ports operate like queues, therefore if one client consumed data from the port, the other was unable to obtain the same flowfiles. This is obviously not an issue when using 2 minifi clients (where I can just create another output port and clone to content) but wouldn't flow very well with hundred of clients. I wonder if anyone would have a suggestion of how to achieve a N to 1 Output port like that? And if not, I wonder if we should create one? Cheers
