[
https://issues.apache.org/jira/browse/METRON-2102?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tibor Meller updated METRON-2102:
---------------------------------
Description:
h2. Working Branch on github
[https://github.com/tiborm/metron/tree/METRON-2102-click-through-menu]
The feature is by default turned on with a simple configuration so it
immediately shows up on the Alert UI if you check out the branch above.
h1. About the feature
Click Through Navigation is a feature makes Metron Users able to reach other
web services via dynamically created URLs by clicking link item in a context
menu.
This context menu (aka. click-through menu) is attached to the alerts table
and the links are populated with alert data from the specific row of the table.
h2. Attaching and configuring click-through menu to a column
Items and URLs in the context menu based on a configuration (this is currently
a JSON file). A configuration could be attached to a cell or a row.
If you like to attach a menu configuration to a cell of a column you should
use the field id (what field of the alert populates the column) to target the
particular column.
For example, the following configuration adding the "Whois Reputation Service"
item to the context menu which appears if the user left click on a value in the
"host" column:
{
"host": [
{
"label": "Whois Reputation Service",
"urlPattern": "https://www.whois.com/whois/{}";
}
]
}
Clicking on the item opens another browser tab and call the URL in the
urlPattern config field. "{}" at the end of the pattern stands for being a
default placeholder and it will be replaced by the value of the host field in
the particular row which was clicked.
But in the configuration, any available alert property field could be
referenced like the following:
{
"host": [
{ "label": "Whois Reputation Service", "urlPattern":
"https://www.whois.com/whois/
{ip_src_addr}
"
}
]
}
In this case however the menu attached to the host column the place holder
will be resolved with the value of the ip_src_addr field of the particular
alert item.
You can reference multiple fields and can combine default and specific
placeholders:
{
"host": [
{
"label": "Whois Reputation Service",
"urlPattern":
"https://www.whois.com/whois/{}?srcip=\{ip_src_addr}&destip=\{ip_dest_addr}";
}
]
}
Configuration to a particular column could contain multiple menu items like in
the following example:
"ip_src_addr": [
\{ "label": "IP Investigation Notebook", "urlPattern":
"http://zepellin.example.com:9000/notebook/someid?ip={ip_src_addr}
"
},
{ "label": "IP Conversation Investigation", "urlPattern":
"http://zepellin.example.com:9000/notebook/someid?ip_src_addr=
{ip_src_addr}
&ip_dst_addr=\{ip_dst_addr}"
}
],
h2. Attaching and configuring click-through menu to rows
In the case of rows, we distinguish simple alerts and meta alerts. So these
two types are configurable separately.
{
"alertEntry": [
\{ "label": "Internal ticketing system", "urlPattern":
"http://mytickets.org/tickets/ {id}
"
}
],
"metaAlertEntry": [
\{ "label": "MetaAlert specific item", "urlPattern":
"http://mytickets.org/tickets/{id}
"
}
]
}
These two keyword: "alertEntry" and "metaAlertEntry" stand for configuring
menu attached to alert and meta alert rows.
When the user clicking on a value it is recognized as a cell/column specific
click and the menu configured to the particular field/column will appear.
If the user clicks outside of value (to the blank space between values) it
will be recognized as a row click and alert or meta alert specific
click-through menu will show up depending on the type of the row.
h2. How to reach the config file
The config JSON (until we providing an admin UI for this feature) is available
for editing to field engineers or other professionals who have ssh access to
metron deployment.
In our Metron source code the click-through configuration JSON file available
in the following path:
/metron/metron-interface/metron-alerts/src/assets/context-menu.conf.json
One can change this before deploying the UI to configure click-through menus.
Or one can find the same config file on a deployed system by ssh to the system
and following this path:
/usr/metron/\{version}/web/alerts-ui/assets/context-menu.conf.json
The default configuration at the time of writing looks like the following:
{
"alertEntry": [
\{ "label": "Internal ticketing system", "urlPattern":
"http://mytickets.org/tickets/ {id}
"
}
],
"metaAlertEntry": [
\{ "label": "MetaAlert specific item", "urlPattern":
"http://mytickets.org/tickets/{id}
"
}
],
"id": [
{
"label": "Dynamic menu item 01",
"urlPattern": "http://mytickets.org/tickets/{}";
}
],
"ip_src_addr": [
\{ "label": "IP Investigation Notebook", "urlPattern":
"http://zepellin.example.com:9000/notebook/someid?ip={ip_src_addr}
"
},
{ "label": "IP Conversation Investigation", "urlPattern":
"http://zepellin.example.com:9000/notebook/someid?ip_src_addr=
{ip_src_addr}
&ip_dst_addr=\{ip_dst_addr}"
}
],
"ip_dst_addr": [
\{ "label": "IP Investigation Notebook", "urlPattern":
"http://zepellin.example.com:9000/notebook/someid?ip= {ip_dst_addr}
"
},
\{ "label": "IP Conversation Investigation", "urlPattern":
"http://zepellin.example.com:9000/notebook/someid?ip_src_addr={ip_src_addr}
&ip_dst_addr=\{ip_dst_addr}"
}
],
"host": [
{
"label": "Whois Reputation Service",
"urlPattern": "https://www.whois.com/whois/{}";
}
]
}
was:
h2. Working Branch on github
[https://github.com/tiborm/metron/tree/feature/click-through]
The feature is by default turned on with a simple configuration so it
immediately shows up on the Alert UI if you check out the branch above.
h1. About the feature
Click Through Navigation is a feature makes Metron Users able to reach other
web services via dynamically created URLs by clicking link item in a context
menu.
This context menu (aka. click-through menu) is attached to the alerts table
and the links are populated with alert data from the specific row of the table.
h2. Attaching and configuring click-through menu to a column
Items and URLs in the context menu based on a configuration (this is currently
a JSON file). A configuration could be attached to a cell or a row.
If you like to attach a menu configuration to a cell of a column you should
use the field id (what field of the alert populates the column) to target the
particular column.
For example, the following configuration adding the "Whois Reputation Service"
item to the context menu which appears if the user left click on a value in the
"host" column:
{
"host": [
{
"label": "Whois Reputation Service",
"urlPattern": "https://www.whois.com/whois/{}";
}
]
}
Clicking on the item opens another browser tab and call the URL in the
urlPattern config field. "{}" at the end of the pattern stands for being a
default placeholder and it will be replaced by the value of the host field in
the particular row which was clicked.
But in the configuration, any available alert property field could be
referenced like the following:
{
"host": [
{ "label": "Whois Reputation Service", "urlPattern":
"https://www.whois.com/whois/
{ip_src_addr}
"
}
]
}
In this case however the menu attached to the host column the place holder
will be resolved with the value of the ip_src_addr field of the particular
alert item.
You can reference multiple fields and can combine default and specific
placeholders:
{
"host": [
{
"label": "Whois Reputation Service",
"urlPattern":
"https://www.whois.com/whois/{}?srcip=\{ip_src_addr}&destip=\{ip_dest_addr}";
}
]
}
Configuration to a particular column could contain multiple menu items like in
the following example:
"ip_src_addr": [
\{ "label": "IP Investigation Notebook", "urlPattern":
"http://zepellin.example.com:9000/notebook/someid?ip={ip_src_addr}
"
},
{ "label": "IP Conversation Investigation", "urlPattern":
"http://zepellin.example.com:9000/notebook/someid?ip_src_addr=
{ip_src_addr}
&ip_dst_addr=\{ip_dst_addr}"
}
],
h2. Attaching and configuring click-through menu to rows
In the case of rows, we distinguish simple alerts and meta alerts. So these
two types are configurable separately.
{
"alertEntry": [
\{ "label": "Internal ticketing system", "urlPattern":
"http://mytickets.org/tickets/ {id}
"
}
],
"metaAlertEntry": [
\{ "label": "MetaAlert specific item", "urlPattern":
"http://mytickets.org/tickets/{id}
"
}
]
}
These two keyword: "alertEntry" and "metaAlertEntry" stand for configuring
menu attached to alert and meta alert rows.
When the user clicking on a value it is recognized as a cell/column specific
click and the menu configured to the particular field/column will appear.
If the user clicks outside of value (to the blank space between values) it
will be recognized as a row click and alert or meta alert specific
click-through menu will show up depending on the type of the row.
h2. How to reach the config file
The config JSON (until we providing an admin UI for this feature) is available
for editing to field engineers or other professionals who have ssh access to
metron deployment.
In our Metron source code the click-through configuration JSON file available
in the following path:
/metron/metron-interface/metron-alerts/src/assets/context-menu.conf.json
One can change this before deploying the UI to configure click-through menus.
Or one can find the same config file on a deployed system by ssh to the system
and following this path:
/usr/metron/\{version}/web/alerts-ui/assets/context-menu.conf.json
The default configuration at the time of writing looks like the following:
{
"alertEntry": [
\{ "label": "Internal ticketing system", "urlPattern":
"http://mytickets.org/tickets/ {id}
"
}
],
"metaAlertEntry": [
\{ "label": "MetaAlert specific item", "urlPattern":
"http://mytickets.org/tickets/{id}
"
}
],
"id": [
{
"label": "Dynamic menu item 01",
"urlPattern": "http://mytickets.org/tickets/{}";
}
],
"ip_src_addr": [
\{ "label": "IP Investigation Notebook", "urlPattern":
"http://zepellin.example.com:9000/notebook/someid?ip={ip_src_addr}
"
},
{ "label": "IP Conversation Investigation", "urlPattern":
"http://zepellin.example.com:9000/notebook/someid?ip_src_addr=
{ip_src_addr}
&ip_dst_addr=\{ip_dst_addr}"
}
],
"ip_dst_addr": [
\{ "label": "IP Investigation Notebook", "urlPattern":
"http://zepellin.example.com:9000/notebook/someid?ip= {ip_dst_addr}
"
},
\{ "label": "IP Conversation Investigation", "urlPattern":
"http://zepellin.example.com:9000/notebook/someid?ip_src_addr={ip_src_addr}
&ip_dst_addr=\{ip_dst_addr}"
}
],
"host": [
{
"label": "Whois Reputation Service",
"urlPattern": "https://www.whois.com/whois/{}";
}
]
}
> [UI] Adding click-through navigation to Alerts table
> ----------------------------------------------------
>
> Key: METRON-2102
> URL: https://issues.apache.org/jira/browse/METRON-2102
> Project: Metron
> Issue Type: Sub-task
> Reporter: Tibor Meller
> Assignee: Tibor Meller
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> h2. Working Branch on github
> [https://github.com/tiborm/metron/tree/METRON-2102-click-through-menu]
> The feature is by default turned on with a simple configuration so it
> immediately shows up on the Alert UI if you check out the branch above.
> h1. About the feature
> Click Through Navigation is a feature makes Metron Users able to reach other
> web services via dynamically created URLs by clicking link item in a context
> menu.
> This context menu (aka. click-through menu) is attached to the alerts table
> and the links are populated with alert data from the specific row of the
> table.
> h2. Attaching and configuring click-through menu to a column
> Items and URLs in the context menu based on a configuration (this is
> currently a JSON file). A configuration could be attached to a cell or a row.
> If you like to attach a menu configuration to a cell of a column you should
> use the field id (what field of the alert populates the column) to target the
> particular column.
> For example, the following configuration adding the "Whois Reputation
> Service" item to the context menu which appears if the user left click on a
> value in the "host" column:
> {
> "host": [
> {
> "label": "Whois Reputation Service",
> "urlPattern": "https://www.whois.com/whois/{}";
> }
> ]
> }
> Clicking on the item opens another browser tab and call the URL in the
> urlPattern config field. "{}" at the end of the pattern stands for being a
> default placeholder and it will be replaced by the value of the host field in
> the particular row which was clicked.
> But in the configuration, any available alert property field could be
> referenced like the following:
> {
> "host": [
> { "label": "Whois Reputation Service", "urlPattern":
> "https://www.whois.com/whois/
> {ip_src_addr}
>
> "
> }
> ]
> }
> In this case however the menu attached to the host column the place holder
> will be resolved with the value of the ip_src_addr field of the particular
> alert item.
> You can reference multiple fields and can combine default and specific
> placeholders:
> {
> "host": [
> {
> "label": "Whois Reputation Service",
> "urlPattern":
> "https://www.whois.com/whois/{}?srcip=\{ip_src_addr}&destip=\{ip_dest_addr}";
> }
> ]
> }
>
> Configuration to a particular column could contain multiple menu items like
> in the following example:
> "ip_src_addr": [
>
> \{ "label": "IP Investigation Notebook", "urlPattern":
> "http://zepellin.example.com:9000/notebook/someid?ip={ip_src_addr}
> "
> },
> { "label": "IP Conversation Investigation", "urlPattern":
> "http://zepellin.example.com:9000/notebook/someid?ip_src_addr=
> {ip_src_addr}
>
> &ip_dst_addr=\{ip_dst_addr}"
> }
> ],
> h2. Attaching and configuring click-through menu to rows
>
> In the case of rows, we distinguish simple alerts and meta alerts. So these
> two types are configurable separately.
>
> {
> "alertEntry": [
>
> \{ "label": "Internal ticketing system", "urlPattern":
> "http://mytickets.org/tickets/ {id}
>
> "
> }
> ],
> "metaAlertEntry": [
>
> \{ "label": "MetaAlert specific item", "urlPattern":
> "http://mytickets.org/tickets/{id}
>
> "
> }
> ]
> }
>
>
> These two keyword: "alertEntry" and "metaAlertEntry" stand for configuring
> menu attached to alert and meta alert rows.
> When the user clicking on a value it is recognized as a cell/column specific
> click and the menu configured to the particular field/column will appear.
> If the user clicks outside of value (to the blank space between values) it
> will be recognized as a row click and alert or meta alert specific
> click-through menu will show up depending on the type of the row.
> h2. How to reach the config file
>
> The config JSON (until we providing an admin UI for this feature) is
> available for editing to field engineers or other professionals who have ssh
> access to metron deployment.
> In our Metron source code the click-through configuration JSON file
> available in the following path:
> /metron/metron-interface/metron-alerts/src/assets/context-menu.conf.json
> One can change this before deploying the UI to configure click-through
> menus. Or one can find the same config file on a deployed system by ssh to
> the system and following this path:
> /usr/metron/\{version}/web/alerts-ui/assets/context-menu.conf.json
>
>
>
> The default configuration at the time of writing looks like the following:
> {
> "alertEntry": [
>
> \{ "label": "Internal ticketing system", "urlPattern":
> "http://mytickets.org/tickets/ {id}
>
> "
> }
> ],
> "metaAlertEntry": [
>
> \{ "label": "MetaAlert specific item", "urlPattern":
> "http://mytickets.org/tickets/{id}
>
> "
> }
> ],
> "id": [
> {
> "label": "Dynamic menu item 01",
> "urlPattern": "http://mytickets.org/tickets/{}";
> }
> ],
> "ip_src_addr": [
>
> \{ "label": "IP Investigation Notebook", "urlPattern":
> "http://zepellin.example.com:9000/notebook/someid?ip={ip_src_addr}
> "
> },
> { "label": "IP Conversation Investigation", "urlPattern":
> "http://zepellin.example.com:9000/notebook/someid?ip_src_addr=
> {ip_src_addr}
>
> &ip_dst_addr=\{ip_dst_addr}"
> }
> ],
> "ip_dst_addr": [
>
> \{ "label": "IP Investigation Notebook", "urlPattern":
> "http://zepellin.example.com:9000/notebook/someid?ip= {ip_dst_addr}
>
> "
> },
>
> \{ "label": "IP Conversation Investigation", "urlPattern":
> "http://zepellin.example.com:9000/notebook/someid?ip_src_addr={ip_src_addr}
> &ip_dst_addr=\{ip_dst_addr}"
> }
> ],
> "host": [
> {
> "label": "Whois Reputation Service",
> "urlPattern": "https://www.whois.com/whois/{}";
> }
> ]
> }
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
