Re: [DISCUSS] Resources for how to contribute to Apache Metron

2017-12-20 Thread zeo...@gmail.com
For nearly everybody I've talked to about this project that had complaints, I've heard something about the significant barrier to entry, divided into two general categories. Category 1 is that a lot of security teams lack substantial experience with Hadoop and would like to get a better understand

Re: [DISCUSS] Stellar in a Zeppelin Notebook

2017-12-20 Thread zeo...@gmail.com
This is some awesome work, I'm looking forward to being able to play with it. Jon On Tue, Dec 19, 2017 at 1:12 PM Nick Allen wrote: > Yes, I definitely want auto-complete also. > > I am factoring out some of the logic you did for auto-complete in the REPL > in hopes of being able to apply that

Re: [DISCUSS] Lowering the barrier to entry to for new users

2017-12-20 Thread zeo...@gmail.com
I agree we should streamline #2 and lower the bar, and we can readdress if we are getting PRs that don't follow the contributing guidelines. We should also make a contributing.md as not everybody knows about the wiki. For #3, I think the scripts that Nick, Otto, and others have written for lookin

Re: [VOTE] Metron Release Candidate 0.4.2-RC2

2017-12-19 Thread zeo...@gmail.com
+1 (non-binding), also validated using Otto's script (super good work). Downloaded, validated checksums/sigs, built, ran tests, spun up full-dev, did some basic poking around. Jon On Tue, Dec 19, 2017 at 2:45 PM Nick Allen wrote: > +1 I validated using Otto's great script. > > * Validated the

Re: [DEV COMMUNITY MEETING] Call for Ideas and Schedule

2017-12-15 Thread zeo...@gmail.com
I like your list of potential topics. I'm also in to attend - that time works well for me. I would be interested in talking about our release process, as I would like to suggest that we formalize upgrade and installation instructions to be included as a part of a release, and talk through any con

Re: [DISCUSS] Stellar Documentation Autogeneration

2017-12-14 Thread zeo...@gmail.com
A huge +1 from me. This would be great On Thu, Dec 14, 2017 at 3:39 PM Michael Miklavcic < michael.miklav...@gmail.com> wrote: > +1 from me, great idea Justin. I did a bit of digging around also and the > Doclet approach you're already using seems the way to go. I didn't come > across any librar

Re: [DISCUSS] Community Meetings

2017-12-14 Thread zeo...@gmail.com
This sounds great Otto, thanks. Jon On Thu, Dec 14, 2017 at 11:24 AM Laurens Vets wrote: > > Sounds good to me :) > > On 2017-12-14 05:59, Otto Fowler wrote: > > Ok, > > > > So we will be concerned with two types of meetings. I’ll take > > responsibility for calling the meetings and ‘moderatio

Re: [DISCUSS] Upcoming Release

2017-12-12 Thread zeo...@gmail.com
ses > > > > * > > > > Files with unapproved licenses: > > > > > > > > > /Users/ottofowler/tmp/release_ver/apache-metron-0.4.2-rc1/metron-interface/metron-alerts/dis

Re: [DISCUSS] Community Meetings

2017-12-11 Thread zeo...@gmail.com
I think this is a great idea. Hangouts works well but last I checked has a user # limitation. I don't have any other good suggestions, sorry, but I'm in to attend. Jon On Mon, Dec 11, 2017, 16:42 Otto Fowler wrote: > I think that we all want to have regular community meetings. We may be > be

Re: [DISCUSS] Upcoming Release

2017-12-08 Thread zeo...@gmail.com
; Bro Plugin to a separate repo. I don't think we've > heard > > from > > > everyone on > > > this. I'd urge everyone to chime in so we can choose > a path > > > forward. > > > > > > If anyone is totally confused in regards to that > discussion, > >

Re: New PMC members

2017-12-07 Thread zeo...@gmail.com
Congratulations, guys! Well deserved by all 3. Jon On Thu, Dec 7, 2017 at 10:48 AM Kyle Richardson wrote: > Congratulations guys! Well deserved. > > -Kyle > > On Thu, Dec 7, 2017 at 10:18 AM, Nick Allen wrote: > > > Congrats to all 3 for joining the PMC! > > > > On Thu, Dec 7, 2017 at 10:12 A

Re: [MENTORS][DISCUSS] Release Procedure + 'Kafka Plugin for Bro'

2017-12-07 Thread zeo...@gmail.com
05 PM zeo...@gmail.com wrote: > Sounds good. Yes Matt, I will handle my parts now. Thanks everyone > > Jon > > On Thu, Dec 7, 2017 at 2:32 PM Matt Foley wrote: > >> I can start the release process tonight. >> >> >> >> Jon, you mentioned you want to

Re: [MENTORS][DISCUSS] Release Procedure + 'Kafka Plugin for Bro'

2017-12-07 Thread zeo...@gmail.com
g > more explicit support. Do we have a compelling reason to not do (a)? To be > honest, my main worry is more "If we do (a) are we going to be miserable if > we need to iterate or adjust?" I'm not seeing anything that suggests > anything too terrible, so unless we se

Re: [MENTORS][DISCUSS] Release Procedure + 'Kafka Plugin for Bro'

2017-12-04 Thread zeo...@gmail.com
the additional repo, while > minimizing changes to our release management process, is to treat the new > repo as a submodule. I fail to see significant downsides to this approach. > A few extract command-line options do not seem overly onerous to me. > > > > Many th

Re: [DISCUSS] Upcoming Release

2017-12-04 Thread zeo...@gmail.com
AM, Nick Allen < > > n...@nickallen.org> wrote: > > > > > Hi Guys - > > > > > > I want to follow-up on this discussion. It sounds like > most > > people are in > > > agreement with the g

Re: [MENTORS][DISCUSS] Release Procedure + 'Kafka Plugin for Bro'

2017-11-27 Thread zeo...@gmail.com
In an attempt to keep this from becoming unbearably long, I will try to keep my responses short, but I would be happy to elaborate. That's a fairly good timeline and summary, but here are some clarifications in corresponding order: - The plugin history is quite short and you can probably get a go

Re: [MENTORS][DISCUSS] Release Procedure + 'Kafka Plugin for Bro'

2017-11-27 Thread zeo...@gmail.com
The reason we decided to do that was because it is the best way for it to be used (and thus improved on and quality tested) by the broader bro community. If it's any indication of its popularity, there was just an email on the bro mailing list about the plugin a few days ago, and I've already rec

Re: [DISCUSS] NPM / Node Problems

2017-11-27 Thread zeo...@gmail.com
Note that I cleaned up the ansible scripts that install C++ 11 in my latest PR <https://github.com/apache/metron/pull/847/files>, but it's not super relevant to this conversation. Jon On Mon, Nov 27, 2017 at 10:42 AM zeo...@gmail.com wrote: > That was also required for bro 2.5.2,

Re: [DISCUSS] NPM / Node Problems

2017-11-27 Thread zeo...@gmail.com
That was also required for bro 2.5.2, so I did that here . Feel free to reuse the approach elsewhere Jon On Mon, Nov 27, 2017 at 10:03 AM Otto Fowler wrote: > First issue is that we need c++ 11 on centos 6.8 > > >

Re: [MENTORS][DISCUSS] Release Procedure + 'Kafka Plugin for Bro'

2017-11-22 Thread zeo...@gmail.com
necessary, but it > makes things easy to keep track of. That still leaves room for necessary > patches on a given release line. > > If you prefer other approaches, please propose. When we reach consensus, > I can edit the Release Process to document it. > Cheers, > --Matt > >

Re: [DISCUSS] Upcoming Release

2017-11-18 Thread zeo...@gmail.com
I know we will need lots of help testing and reviewing > >> this > >>one. > >> > >> > >> > >>We also have an outstanding question that needs resolved BEFORE we > >>release. We need to come to a consensus on how to release

Re: master full-dev issues?

2017-11-16 Thread zeo...@gmail.com
Nevermind, user error. Jon On Thu, Nov 16, 2017, 13:00 zeo...@gmail.com wrote: > Anybody else having issues spinning up full-dev? I'm consistently failing > on the Metron Alerts UI install. Spun it up fine yesterday for my other > testing. > > 2017-11-16 17:57:41,772 - Ex

master full-dev issues?

2017-11-16 Thread zeo...@gmail.com
Anybody else having issues spinning up full-dev? I'm consistently failing on the Metron Alerts UI install. Spun it up fine yesterday for my other testing. 2017-11-16 17:57:41,772 - Execution of '/usr/bin/yum -d 0 -e 0 -y install metron-common' returned 1. Error: Nothing to do https://gist.gith

Re: [DISCUSS] Upcoming Release

2017-11-16 Thread zeo...@gmail.com
sible code so that it uses the code directly (like before) instead of > > going to Git and checking it out. > > > > (4) Revert PR #837 because as you pointed out this approach does not work > > well with releases. That would give us enough time to come up with a > > s

Re: [MENTORS][DISCUSS] Release Procedure + 'Kafka Plugin for Bro'

2017-11-16 Thread zeo...@gmail.com
I expect a few version changes up front to add some new features to the package (0.1 for the initial release, 0.{2..n} for some new features, 1.0 when we stabilize) but after that it will probably only be updated to follow kafka/librdkafka updates. Jon On Thu, Nov 16, 2017 at 10:10 AM Otto Fowler

Re: [DISCUSS] Upcoming Release

2017-11-16 Thread zeo...@gmail.com
next release. But I am wary of blocking > the release for that work. No need for you to rush through it. > > Just one man's opinion. Would like to hear feedback from more of the > community. > > > > On Thu, Nov 16, 2017 at 8:01 AM, zeo...@gmail.com > wrote: > >

Re: [DISCUSS] Release Procedure + 'Kafka Plugin for Bro'

2017-11-16 Thread zeo...@gmail.com
I would suggest that we institute a release procedure for the package itself, but I don't think it necessarily has to line up with metron releases (happy to be persuaded otherwise). Then we can just link metron to metron-bro-plugin-kafka by pointing to specific metron-bro-plugin-kafka releases (gi

Re: [DISCUSS] Upcoming Release

2017-11-16 Thread zeo...@gmail.com
My PR is to turn it into a package containing a plugin* On Thu, Nov 16, 2017, 08:01 zeo...@gmail.com wrote: > The way master's full-dev is set up right now is non optimal for the bro > plugin configuration, and I would like to complete the roadmap I outlined > in my discuss t

Re: [DISCUSS] Upcoming Release

2017-11-16 Thread zeo...@gmail.com
ll the previous backend work. > > > > (7) At this point, we should have our best effort at running > Metaalerts > > on Elasticsearch 2.x. I propose that we cut a release here. > > > > (8) After we cut the release, we can introduce the w

Assign METRON-1307 to Brian Hurley and close

2017-11-14 Thread zeo...@gmail.com
I'm unable to find Brian Hurley in the list of assignees, but he was the one who contributed the fix[1]. Can someone assign and close this JIRA? Thanks, Jon 1: https://github.com/apache/metron/pull/835 -- Jon

Re: Committing to the metron-bro-plugin-kafka repo

2017-11-09 Thread zeo...@gmail.com
afka. Jon On Wed, Nov 8, 2017 at 2:57 PM zeo...@gmail.com wrote: > I'm not strongly against it, but my biggest interest was not wasting time > doing something that will get ripped out fairly quickly. That said, > discussing this is taking more time than doing the work, and I should h

Re: Committing to the metron-bro-plugin-kafka repo

2017-11-08 Thread zeo...@gmail.com
ugin to Full Dev from the new repository > > What do you think? > > > > On Wed, Nov 8, 2017 at 11:00 AM zeo...@gmail.com wrote: > > > So, here's my argument against the sub-module approach: > > - If we add a sub-module into apache/metron then the way you clone fro

Re: Committing to the metron-bro-plugin-kafka repo

2017-11-08 Thread zeo...@gmail.com
Add a sub-module pointing to the repo and ensure that the Ansible > deployment to Full Dev can deploy Bro with the Kafka plugin > > > > > > On Tue, Nov 7, 2017 at 9:19 AM, zeo...@gmail.com wrote: > > > So here's an update on this, and I'm looking for any suggest

Re: Committing to the metron-bro-plugin-kafka repo

2017-11-07 Thread zeo...@gmail.com
ed to do before we start accepting enhancements? > > Thanks for the update and all the hard work, Jon. > > On Mon, Nov 6, 2017 at 10:02 PM, zeo...@gmail.com > wrote: > > > Sorry for the delay here - I pushed this out tonight (link > > <https://github.com/apache/met

Re: Committing to the metron-bro-plugin-kafka repo

2017-11-06 Thread zeo...@gmail.com
b.com/JonZeolla/metron-bro-plugin-kafka/pull/1>. Jon On Mon, Sep 18, 2017 at 11:52 AM Nick Allen wrote: > Nice! Looks good to me. > > > > > > > On Mon, Sep 18, 2017 at 11:35 AM zeo...@gmail.com > wrote: > > > Okay, I took a stab at it this morning, ca

Re: [DISCUSS] Upcoming Release

2017-11-06 Thread zeo...@gmail.com
I agree, I think it's very reasonable to move in line with Nick's proposal. I would also suggest that we outline what the target versions would be to add in the METRON-777 components, since it has been functional for a very long time but not reviewed and has some really rockstar improvements. Jon

Re: [DISCUSS] - Remove Kibana

2017-11-01 Thread zeo...@gmail.com
I'm probably okay with marking it as deprecated in two releases (after moving to 5.x, thus not really helping with the migration), but it depends a lot on increased functionality for the metron alerts UI IMO. Jon On Wed, Nov 1, 2017 at 12:51 PM Otto Fowler wrote: > I don’t think we should remov

Re: [DISCUSS] Release Process Update

2017-10-25 Thread zeo...@gmail.com
5 > Rational in > https://issues.apache.org/jira/browse/METRON-1278 > > Thanks, > --Matt > > On 10/24/17, 5:37 AM, "zeo...@gmail.com" wrote: > > Hmm, I kind of like it as a historical validation/confirmation of build > success, but I c

Re: [DISCUSS] Release Process Update

2017-10-24 Thread zeo...@gmail.com
MEs to > make > > them > > suitable for site-book. At that point it's just gone entirely. from > > the > > next release. > > > > Doesn't solve the problem of prior releases (assuming we care enough > > to do > > anything). >

[DISCUSS] Release Process Update

2017-10-23 Thread zeo...@gmail.com
Today I was poking around the Metron site and documentation, and I noticed that the site-book's travis build status image is pointing to master for all of our releases. We should probably update the release process to pin this to

Re: new committer: Raghu Mitra

2017-10-20 Thread zeo...@gmail.com
Congratulations, Raghu! Jon On Fri, Oct 20, 2017, 12:11 Simon Elliston Ball wrote: > Congratulations Raghu. Well deserved with all that awesome UI work that’s > coming in. > > Simon > > > On 20 Oct 2017, at 17:10, James Sirota wrote: > > > > > > > > The Project Management Committee (PMC) for A

Re: Suricata parser

2017-10-17 Thread zeo...@gmail.com
I would love to see one, and if it doesn't exist in the next few weeks I'm going to take a stab at it. Jon On Mon, Sep 25, 2017, 09:49 Carolyn Duby wrote: > > Is anyone working on a Suricata parser? > > https://suricata-ids.org/ > > > I was not able to find an enhancement request for it. > > Th

Re: Metron 0.4.2 release date

2017-10-08 Thread zeo...@gmail.com
Elasticsearch, I am looking for the support from the client side > rather than a full Metron mpack that includes ES 5.x. As long as Metron > Alert-UI and indexing can support ES 5, I am fine. Is that the scope of > Metron-939? > > Cheers, > Ali > > On Mon, Oct 9, 2017 at 1

Re: Metron 0.4.2 release date

2017-10-08 Thread zeo...@gmail.com
As of right now I'm not aware of any discussions regarding a next release, and I believe the METRON-777 features are at least a few months out from being reviewed and merged in (There is a fair amount of work in chunking it up to be reviewed, then work to review and merge it in). ES 5.x is also in

Re: who is having problems installing?

2017-10-06 Thread zeo...@gmail.com
hem more consumable. The problem > with videos is that they become out of date very quickly and it's a lot of > effort to re-record them. > > Thanks, > James > > 06.10.2017, 11:05, "zeo...@gmail.com" : > > To generalize a bit, I think it would be hel

Re: who is having problems installing?

2017-10-06 Thread zeo...@gmail.com
To generalize a bit, I think it would be helpful to have a single or series of recordings, write-ups, or even just pointers to some good high-level docs to introduce people to each component used in Metron, and then a description of how it's used in the Metron environment. I know I spend a lot of

Re: Quick Dev

2017-10-06 Thread zeo...@gmail.com
I say we kill it and repoint the site. That will give us one less thing to upgrade to centos 7 as well. Jon On Fri, Oct 6, 2017, 08:27 Justin Leet wrote: > So what are we going to do with Quick Dev? I'm pretty sure everybody's > been using full dev for awhile now (and quick dev is probably br

Re: SUM aggregator not working?

2017-10-04 Thread zeo...@gmail.com
You're right, with ES 5 we can use periods directly instead of transforming them in indexing to colons (actually, this feature was reintroduced sin 2.4 ). I outlined this as a benefit in the original JIRA

Re: [DISCUSS] Build broken due to transitive dependencies

2017-10-02 Thread zeo...@gmail.com
Hmm, 0.4.1 built fine for me. Jon On Mon, Oct 2, 2017 at 10:44 AM Casey Stella wrote: > Ok, the build is broken in metron-config due to some transitive changes > that happened in npm-land: > > [INFO] > > /Users/cstella/Documents/workspace/metron/fork/incubator-metron/metron-interface/metron-con

Re: [DISCUSS] Community meeting on Tuesday, Sept.23 10AM PST

2017-09-25 Thread zeo...@gmail.com
a decision > > Thanks, > James > > 25.09.2017, 08:27, "Otto Fowler" : > > https://youtu.be/-ISycoP3TVA > > > > The video is short and simple. Hopefully it is what you are looking for. > > > > On September 21, 2017 at 16:54:13, zeo...@gmail.com (z

Re: [DISCUSS] Community meeting on Tuesday, Sept.23 10AM PST

2017-09-21 Thread zeo...@gmail.com
I won't be able to make it and would really like to make sure there's a recording for this one, if possible. I'm unavailable until Thursday of next week, but not necessarily suggesting this gets moved. Jon On Thu, Sep 21, 2017, 15:04 Otto Fowler wrote: > I can’t make that time, can we make it

Re: feature branch bumps

2017-09-20 Thread zeo...@gmail.com
But wait, I thought we had established that this was such a fundamental change that it was hard to chunk it out and keep master working. Jon On Wed, Sep 20, 2017 at 3:08 PM Nick Allen wrote: > > Otto: Well, if there is an alternative merge strategy, I’m all ears. > > Yes, the alternative strate

Re: [DISUCUSS] [CALL FOR COMMENT] Metron parsers as actual extensions

2017-09-20 Thread zeo...@gmail.com
Per our prior conversations, I prefer option 2 - treating third party and built-in the same way. I would love to see signing of extensions in the future as a potential follow-on so we could verify the Metron built-ins (and even third parties). Jon On Wed, Sep 20, 2017 at 10:22 AM Otto Fowler wr

Re: [GitHub] metron issue #760: METRON-1188: Ambari global configuration management broke...

2017-09-19 Thread zeo...@gmail.com
Spun up fine now, thanks. On Tue, Sep 19, 2017, 14:09 mmiklavc wrote: > Github user mmiklavc commented on the issue: > > https://github.com/apache/metron/pull/760 > > A @JonZeolla fixing it now. Sorry about that - I missed one of the > "patch_path -> patch_file" arg changes in the mp

Re: [ANNOUNCE] Apache Metron Release 0.4.1

2017-09-19 Thread zeo...@gmail.com
Great job everybody, this is a really top notch release. Well done Jon On Tue, Sep 19, 2017, 15:53 Otto Fowler wrote: > Congratulations everyone, great job. Thank you Matt! > > > On September 19, 2017 at 15:22:21, Matt Foley (ma...@apache.org) wrote: > > I’m very happy to announce the public

Re: Committing to the metron-bro-plugin-kafka repo

2017-09-18 Thread zeo...@gmail.com
Okay, I took a stab at it this morning, can I get a double check before pushing it out? The latest commit would be opened as a PR. https://github.com/JonZeolla/metron-bro-plugin-kafka/tree/dev Jon On Fri, Sep 15, 2017 at 12:54 PM zeo...@gmail.com wrote: > Good point, I can take that task

Re: Committing to the metron-bro-plugin-kafka repo

2017-09-15 Thread zeo...@gmail.com
ry too. I'm sure > there is a way to do it, but would have to research a bit. Then we apply > your changes on top of that. > > Thanks > > On Thu, Sep 14, 2017 at 1:36 AM, zeo...@gmail.com > wrote: > > > So, I've been working on METRON-813 > > <https:

Committing to the metron-bro-plugin-kafka repo

2017-09-13 Thread zeo...@gmail.com
So, I've been working on METRON-813 lately and I have an initial run at it ready to go here (squashed history, see a better history there

Re: [VOTE] Metron Release Candidate 0.4.1-RC4

2017-09-10 Thread zeo...@gmail.com
+1 (binding) - Verified the signature - Verified all hashes - mvn -q -T 2C surefire:test@unit-tests && mvn -q surefire:test@integration-tests && mvn -q test --projects metron-interface/metron-config && build_utils/verify_licenses.sh - Spun up full-dev - Manually reviewed the site-book. Found some

Unclear recent commit

2017-09-08 Thread zeo...@gmail.com
I was looking through some of the recent commits and I noticed this[1], anybody know what the back story is there? 1: https://github.com/apache/metron/commit/c8e84fa3be89901013168d15df38b8a58265148a Jon -- Jon

Re: Ambari Metrics Collector failing...

2017-09-07 Thread zeo...@gmail.com
r 0.4.1? Also, should I create JIRA > ticket? > > On 2017-09-06 16:45, zeo...@gmail.com wrote: > > I'm seeing the same issue right now as well on my fresh bare metal > > install > > of HDP (no Metron yet), haven't dug into it further to troubleshoot. > &

Re: Ambari Metrics Collector failing...

2017-09-06 Thread zeo...@gmail.com
I'm seeing the same issue right now as well on my fresh bare metal install of HDP (no Metron yet), haven't dug into it further to troubleshoot. Jon On Wed, Sep 6, 2017, 18:22 Laurens Vets wrote: > In preparation of 0.4.1-rc, I'm trying to install the current github > master and I'm running into

Re: [DISCUSS] Metron release 0.4.1

2017-09-05 Thread zeo...@gmail.com
> > >Jon and Anand, will they be in by end/day Friday? > >Thanks, > >--Matt > > > >On 8/31/17, 7:45 AM, "Nick Allen" wrote: > > > >Matt, et al - For JIRAs that are going into master, should we be > marking > >these as "Ne

Re: [ANNOUNCE] Metron community meeting

2017-09-05 Thread zeo...@gmail.com
ive > >> > people > >> > >>> in India and Europe a chance to attend live. > >> > >>> > >> > >>> So lets move it to the same time tomorrow > >> > >>> > >> > >>> I would like to schedule

Re: [DISCUSS] Metron release 0.4.1

2017-09-01 Thread zeo...@gmail.com
be > marking > these as "Next + 1" or "0.4.1" ? > > On Thu, Aug 31, 2017 at 8:17 AM zeo...@gmail.com > wrote: > > > Can I advocate to get METRON-1129 in the RC, and throw in a second > vote for > > METRON-1134? Both in an at

Re: [DISCUSS] Metron release 0.4.1

2017-08-31 Thread zeo...@gmail.com
Can I advocate to get METRON-1129 in the RC, and throw in a second vote for METRON-1134? Both in an attempt to better support of prod/offline use. Happy to provide testing cycles for the former. Jon On Wed, Aug 30, 2017 at 11:41 AM Anand Subramanian < asubraman...@hortonworks.com> wrote: > Hi M

Re: [DISCUSS] METRON-777 and the road to perditi... er enlightenment

2017-08-23 Thread zeo...@gmail.com
This is all great stuff. As far as feature branch naming, I would suggest something like feature/$brief_explanation accompanied with a feature branch JIRA that explains the original intent of the branch and its goals/"complete" indicators. Along the lines of the FEATURE.md, I feel like at the ver

Re: [DISCUSS] Synopsis of Community Meeting on 8/22/2017

2017-08-23 Thread zeo...@gmail.com
there. > > On the general feature direction and requests, it would be great to hear > from everyone on thoughts for future direction and things they might want > to see in the project. Perhaps we should have a discuss thread to capture > wish lists. > > Thoughts? > > Simo

Re: [DISCUSS] Synopsis of Community Meeting on 8/22/2017

2017-08-23 Thread zeo...@gmail.com
Was there any discussion about future features of Metron aside from 777/942? In the initial announce thread the agenda mentioned where want to take the project long-term and feature requests and comments on existing features. My thoughts on the topic are that I would like to see a move quickly aft

Re: [ANNOUNCE] Metron community meeting

2017-08-21 Thread zeo...@gmail.com
> > For global callers: > > > https://hortonworks.webex.com/hortonworks/globalcallin.php?serviceType=MC&ED=590161912&tollFree=1 > > Thanks, > James > > 18.08.2017, 11:02, "zeo...@gmail.com" : > > Is it possible to reschedule this to later in

Re: [ANNOUNCE] Metron community meeting

2017-08-18 Thread zeo...@gmail.com
Is it possible to reschedule this to later in the day or another day? That overlaps with the eclipse on the east coast of the US that some people would like to enjoy. Jon On Fri, Aug 18, 2017, 13:48 James Sirota wrote: > I would like to propose a meeting with the following set of topics: > > -

Re: [Question] Stopping Storm, Metron & Kafka doesn't stop all Storm processes?

2017-08-18 Thread zeo...@gmail.com
where there's a big pileup of messages which Metron > suddenly can't process. > > Any ideas on how to further troubleshoot this? > > On 2017-08-17 11:10, zeo...@gmail.com wrote: > > I used to run into similar issues when my environment was resource > > constrain

Re: [Question] Stopping Storm, Metron & Kafka doesn't stop all Storm processes?

2017-08-17 Thread zeo...@gmail.com
I used to run into similar issues when my environment was resource constrained but never ran it to root cause. It has been a long time since I was in this scenario to re-test. https://issues.apache.org/jira/projects/METRON/issues/METRON-485 Jon On Thu, Aug 17, 2017 at 12:49 PM Laurens Vets wro

Re: Metron Alerts bombing in Travis?

2017-08-11 Thread zeo...@gmail.com
Master is failing with that right now. https://travis-ci.org/apache/metron#L2637 Jon On Fri, Aug 11, 2017 at 9:21 AM Otto Fowler wrote: > Has anyone seen this error in travis? I am going to delete my caches and > try again : > > > [ERROR] npm ERR! Linux 4.4.0-83-generic > > [ERROR] npm ERR! a

Re: Upgrade vagrant base to centos 7

2017-08-07 Thread zeo...@gmail.com
/metron/blob/master/metron-deployment/packaging/packer-build/README.md > . > > -D... > > > On Sun, Aug 6, 2017 at 10:34 AM, Otto Fowler > wrote: > > > https://issues.apache.org/jira/browse/METRON-667 > > > > > > > > On August 6, 2017 at 08

Upgrade vagrant base to centos 7

2017-08-06 Thread zeo...@gmail.com
I'm working on a few updates/changes to the bro portions of Metron, in preparation for BroCon in September. I'm running into a couple of dependency issues which would be most cleanly resolved by a move to a centos 7 base, so I was going to take on ME

Re: [DISCUSS] Easing the ramp-up into contributing

2017-07-27 Thread zeo...@gmail.com
I'm totally in agreement here, and I would add to the list the migration from the wiki to the site-book. There were some prior email conversations on this, some of which I started and then didn't follow up on, but I see this as pretty important and I'm still interested in doing the work/helping as

Re: [DISCUSS] Relocate Docker

2017-07-13 Thread zeo...@gmail.com
I agree to moving it to a contrib or contrib-like area. Jon On Thu, Jul 13, 2017 at 12:38 PM Kyle Richardson wrote: > I completely support the idea of moving metron-docker down in the tree. I > do like the idea of a contrib/ area for things like this that are not as > frequently updated or main

Re: [Request for Consensus Approval] dev branch for Stellar additional work

2017-07-05 Thread zeo...@gmail.com
That all sounds pretty reasonable to me. My biggest concern would be attribution during step 5 - we would need to make sure it isn't squash merged like we typically do (assuming we do properly squash merge into the speculative branch). Not a big issue though, I guess, just need to make sure it is

Re: [DISCUSS] Mutation of Indexed Data

2017-06-22 Thread zeo...@gmail.com
The key should be a solved problem as of METRON-765 , right? It provides a single key for a given message that globally stored with the message, regardless of where/how. Jon On Thu, Jun 22, 2017 at 9:01 AM Justin L

Re: [Discussion] About the wiki….

2017-06-13 Thread zeo...@gmail.com
I suggested in the past and got some buy in, but never had time to move everything into GitHub. I vote to mostly or entirely archive the wiki. Jon On Tue, Jun 13, 2017, 5:19 PM Laurens Vets wrote: > On 2017-06-13 14:09, Otto Fowler wrote: > > I think there are things in the wiki that are very

Re: Installation problem with Docker and processor that does not support virtualization

2017-06-08 Thread zeo...@gmail.com
> > The only workaround that I found is to use AWS directly but for me that I > have never used Mentor it could be a so big step... > > So the question is, do I lose many things if I start with Mentor 0.3.1 > into a single VM without Docker? > > Best regards, > > Simo

Re: Installation problem with Docker and processor that does not support virtualization

2017-06-08 Thread zeo...@gmail.com
my experiments (I do have to test some ML algo's) and improve my > knowledge on this tool that installation should be enough. > > What do you think about? > > Thanks. > > Simone > > > On 7 June 2017 at 23.32 "zeo...@gmail.com" > wrote: >

Re: Installation problem with Docker and processor that does not support virtualization

2017-06-07 Thread zeo...@gmail.com
If your processor doesn't support virtualization right now I would suggest looking into if it is simply disabled in your BIOS/UEFI (most processors have supported this for 10+ years, excluding some processors of course). Docker is integrated into the build process right now and is considered mandat

Re: [INCOMING] Metron 0.4.0 release (RC3)

2017-06-01 Thread zeo...@gmail.com
What about 976, which follows the Kerberized trend for this release? Jon On Thu, Jun 1, 2017, 6:03 PM Nick Allen wrote: > Sounds good, Matt. Looking forward to cutting this release. > > On Thu, Jun 1, 2017 at 5:17 PM, Matt Foley wrote: > > > Hi all, > > > > Now that METRON-844 is in, I plan t

METRON-777

2017-05-31 Thread zeo...@gmail.com
I was wondering, is anybody planning to or currently taking a look at Metron 777? I think this is a great contribution and very important to improving the usability of the platform (along with some of its follow on PRs). I would be happy to help with functional testing and security static code a

Re: [DISCUSS] Metron IRC channel

2017-05-24 Thread zeo...@gmail.com
AFAIK it gives full edit capabilities to the bot, and allows delegation of additional access to others. https://wilderness.apache.org/manual.html#karma Jon On Wed, May 24, 2017 at 4:05 PM Otto Fowler wrote: > What is the karma for? > > > On May 24, 2017 at 14:49:32, zeo...@gm

Re: [DISCUSS] Metron IRC channel

2017-05-24 Thread zeo...@gmail.com
he METRON JIRA tickets. Finally, can we establish `cstella` as having Level 10 Karma in the config? Thanks. Jon On Tue, May 2, 2017 at 8:54 AM zeo...@gmail.com wrote: > Per the INFRA ticket, perhaps we should reopen and ask for what we > mentioned above? > > Jon > > On Sun

Re: [Discuss] Cyber Security Asset Management for Metron

2017-05-24 Thread zeo...@gmail.com
I would be very interested in a graph db that could leverage the ip_src_addr and ip_dst_addr fields in a broad sense (who is talking to who, visualize top talkers, etc.). In order to be very useful it would need to have the ability to apply filters (IPs, ports, connection durations, bytes transfer

Re: [DISCUSS] Enrichment Split/Join issues

2017-05-16 Thread zeo...@gmail.com
The field stub also gives something that can potentially be used in the error dashboard (or similar) to graph, allowing failed enrichments to "shout" louder to the end user. Jon On Tue, May 16, 2017 at 12:34 PM Nick Allen wrote: > > but also adds a field stub to indicate failed enrichment. This

Re: we currently have 31 PR’s that are not landed

2017-05-16 Thread zeo...@gmail.com
Assuming the unincubating process is almost completed (I don't know if that's true or not), I think there are some simple, obvious priorities based on our pending 0.4.0 release. Things like METRON-833, METRON-819, and METRON-953 should probably get finalized and merged in asap. Also, we have some

Re: integration testing framework

2017-05-15 Thread zeo...@gmail.com
The standard has been centos6 for installing Metron up to this point. There are some Ubuntu guides floating around as well. Jon On Mon, May 15, 2017, 8:07 AM moshe jarusalem wrote: > I would like to ask another question related to this topic. > If I am going to install metron on a single machin

Infosec training (including Metron)

2017-05-14 Thread zeo...@gmail.com
If anybody is interested, I'll be touching on Metron as a part of some security training I'll be doing at BSides Pittsburgh 2017 on June 8th (main conference is June 9). It's a whole day of infosec training for only $100, feel free to come check it out! https://www.bsidespgh.com/training/ Jon

Re: Why bro parser allows periods in keys?

2017-05-09 Thread zeo...@gmail.com
urce. There should never be any reason to combine ES and HDFS indexing, > unless there is a use case I’m missing... > > Simon > > > > On 9 May 2017, at 15:00, zeo...@gmail.com wrote: > > > > Have we ever considered the use case where we might want to compare data >

Re: Why bro parser allows periods in keys?

2017-05-09 Thread zeo...@gmail.com
done in the indexers > anyways. > > On Tue, May 9, 2017 at 9:41 AM, zeo...@gmail.com wrote: > > > Is there a reason why the bro parser allows periods > > <https://github.com/apache/incubator-metron/blob/master/ > > metron-platform/metron-parsers/src/main/java/org/ >

Why bro parser allows periods in keys?

2017-05-09 Thread zeo...@gmail.com
Is there a reason why the bro parser allows periods in the keys if we can't index it (ES 2.3.3 does not allow periods in indexes)? Would anybody

Re: [DISCUSS] Code Style

2017-05-08 Thread zeo...@gmail.com
+1 definitely a good idea On Mon, May 8, 2017, 9:07 PM Michael Miklavcic wrote: > +1 Justin. Thanks. > > On Mon, May 8, 2017 at 2:55 PM, Matt Foley wrote: > > > +1. I originally suggested the Sun style as a starting point, and I find > > Justin’s arguments convincing, especially if there is a

Re: Parser Docs

2017-05-08 Thread zeo...@gmail.com
Definitely worthwhile. I discussed something similar (but more general) a little while back here . Totally worth the effort IMO. Jon On Mon, May 8, 2017 at 7:36 PM Casey Ste

Re: [DISCUSS] Update Metron Release Documentation

2017-05-05 Thread zeo...@gmail.com
de accessible similarly. > > --Matt > > On 5/1/17, 9:20 AM, "Nick Allen" wrote: > > One major benefit of the site-book is that we can maintain docs for > previous releases of Metron. Unless there is a major technical hurdle, > I > think we should d

Re: [CALL FOR TEST DATA] Request help identifying public domain or opensource test data sets for Metron testing

2017-05-04 Thread zeo...@gmail.com
I completely missed this email the first time around. I would be happy to help as well - actually as a part of testing some changes to the bro parts in Metron I have been using a few public datasets, and will be adding some into the bro tests for logs other than dns and http. Jon On Thu, May 4,
