Re: Cloudtrail use case

2017-10-06 Thread James Sirota
I agree. That's the right place to put them

06.10.2017, 06:26, "Casey Stella" <ceste...@gmail.com>:
> There is actually a use-cases top level directory with worked examples in
> them. They get picked up by the doc book too! I'd suggest putting it
> there, thoughts?
>
> On Fri, Oct 6, 2017 at 8:44 AM, Nick Allen <n...@nickallen.org> wrote:
>
>>  Yes, agreed, Justin. I guess my main point to Laurens was meant to be that
>>  the actual destination of the use case should be the least of our worries.
>>  However Laurens wants to write it up will work. If you type it up, throw it
>>  in an envelope, seal it with a stamp, and physically mail it to me, I will
>>  make sure it lands in the right place. :)
>>
>>  On Thu, Oct 5, 2017 at 9:20 PM Justin Leet <justinjl...@gmail.com> wrote:
>>
>>  > I know we've had discussions about migrating stuff into docs before. It
>>  > might be worth resurrecting a more use case focused version of that,
>>  > instead of starting on the wiki. I assume the end goal is availability in
>>  > the site-book, so even if it's not in a perfect place, I'd rather the
>>  > effort be spent on making it pretty there.
>>  >
>>  > I think there's a few floating around that could use a home, so the
>>  > discussion might make life easier for multiple things. Some from the wiki,
>>  > some from random READMEs we could relocate and link, some from
>>  > presentations and so on.
>>  >
>>  > Having said all that, I know discuss threads can take a few days to
>>  > resolve, so wiki and then convert might be the lesser of two evils.
>>  >
>>  >
>>  > On Thu, Oct 5, 2017 at 6:54 PM, Nick Allen <n...@nickallen.org> wrote:
>>  >
>>  > > We don't really have a location in the source code for use cases like this
>>  > > right now. But I think it is so important that we get use cases like this
>>  > > published somewhere. For now, you could add this to the Wiki. Then later
>>  > > on we can figure out how to handle that.
>>  > >
>>  > > On Thu, Oct 5, 2017 at 6:49 PM, Laurens Vets <laur...@daemon.be> wrote:
>>  > >
>>  > > > On 2017-10-05 15:45, Laurens Vets wrote:
>>  > > >
>>  > > >> Hi,
>>  > > >>
>>  > > >> Would anyone be interested in adding a full AWS Cloudtrail use case to
>>  > > >> the Metron documentation? It would roughly consist of:
>>  > > >> - Apache NiFi configuration to retrieve Cloudtrail logs from S3 and
>>  > > >> send it to Metron via Kafka.
>>  > > >> - Complete Metron sensor configuration (enrichment, alerting, etc...) for
>>  > > >> this.
>>  > > >>
>>  > > >
>>  > > > Sent too soon :(
>>  > > >
>>  > > > If anyone would be interested in this documentation, where would I add this
>>  > > > in the source?
>>  > > >
>>  > >
>>  >

--- 
Thank you,

James Sirota
PPMC- Apache Metron (Incubating)
jsirota AT apache DOT org


Re: Cloudtrail use case

2017-10-06 Thread Justin Leet
I totally forgot you added that.  100% think it belongs there.

On Fri, Oct 6, 2017 at 9:26 AM, Casey Stella <ceste...@gmail.com> wrote:

> There is actually a use-cases top level directory with worked examples in
> them.  They get picked up by the doc book too!  I'd suggest putting it
> there, thoughts?
>
> On Fri, Oct 6, 2017 at 8:44 AM, Nick Allen <n...@nickallen.org> wrote:
>
> > Yes, agreed, Justin.  I guess my main point to Laurens was meant to be that
> > the actual destination of the use case should be the least of our worries.
> > However Laurens wants to write it up will work. If you type it up, throw it
> > in an envelope, seal it with a stamp, and physically mail it to me, I will
> > make sure it lands in the right place. :)
> >
> > On Thu, Oct 5, 2017 at 9:20 PM Justin Leet <justinjl...@gmail.com> wrote:
> >
> > > I know we've had discussions about migrating stuff into docs before.  It
> > > might be worth resurrecting a more use case focused version of that,
> > > instead of starting on the wiki.  I assume the end goal is availability in
> > > the site-book, so even if it's not in a perfect place, I'd rather the
> > > effort be spent on making it pretty there.
> > >
> > > I think there's a few floating around that could use a home, so the
> > > discussion might make life easier for multiple things.  Some from the wiki,
> > > some from random READMEs we could relocate and link, some from
> > > presentations and so on.
> > >
> > > Having said all that, I know discuss threads can take a few days to
> > > resolve, so wiki and then convert might be the lesser of two evils.
> > >
> > >
> > > On Thu, Oct 5, 2017 at 6:54 PM, Nick Allen <n...@nickallen.org> wrote:
> > >
> > > > We don't really have a location in the source code for use cases like this
> > > > right now.  But I think it is so important that we get use cases like this
> > > > published somewhere.  For now, you could add this to the Wiki.  Then later
> > > > on we can figure out how to handle that.
> > > >
> > > > On Thu, Oct 5, 2017 at 6:49 PM, Laurens Vets <laur...@daemon.be> wrote:
> > > >
> > > > > On 2017-10-05 15:45, Laurens Vets wrote:
> > > > >
> > > > >> Hi,
> > > > >>
> > > > >> Would anyone be interested in adding a full AWS Cloudtrail use case to
> > > > >> the Metron documentation? It would roughly consist of:
> > > > >> - Apache NiFi configuration to retrieve Cloudtrail logs from S3 and
> > > > >> send it to Metron via Kafka.
> > > > >> - Complete Metron sensor configuration (enrichment, alerting, etc...) for
> > > > >> this.
> > > > >>
> > > > >
> > > > > Sent too soon :(
> > > > >
> > > > > If anyone would be interested in this documentation, where would I add this
> > > > > in the source?
> > > > >
> > > >
> > >
> >
>


Re: Cloudtrail use case

2017-10-06 Thread Casey Stella
There is actually a use-cases top level directory with worked examples in
them.  They get picked up by the doc book too!  I'd suggest putting it
there, thoughts?

On Fri, Oct 6, 2017 at 8:44 AM, Nick Allen <n...@nickallen.org> wrote:

> Yes, agreed, Justin.  I guess my main point to Laurens was meant to be that
> the actual destination of the use case should be the least of our worries.
> However Laurens wants to write it up will work. If you type it up, throw it
> in an envelope, seal it with a stamp, and physically mail it to me, I will
> make sure it lands in the right place. :)
>
>
>
> On Thu, Oct 5, 2017 at 9:20 PM Justin Leet <justinjl...@gmail.com> wrote:
>
> > I know we've had discussions about migrating stuff into docs before.  It
> > might be worth resurrecting a more use case focused version of that,
> > instead of starting on the wiki.  I assume the end goal is availability in
> > the site-book, so even if it's not in a perfect place, I'd rather the
> > effort be spent on making it pretty there.
> >
> > I think there's a few floating around that could use a home, so the
> > discussion might make life easier for multiple things.  Some from the wiki,
> > some from random READMEs we could relocate and link, some from
> > presentations and so on.
> >
> > Having said all that, I know discuss threads can take a few days to
> > resolve, so wiki and then convert might be the lesser of two evils.
> >
> >
> > On Thu, Oct 5, 2017 at 6:54 PM, Nick Allen <n...@nickallen.org> wrote:
> >
> > > We don't really have a location in the source code for use cases like this
> > > right now.  But I think it is so important that we get use cases like this
> > > published somewhere.  For now, you could add this to the Wiki.  Then later
> > > on we can figure out how to handle that.
> > >
> > > On Thu, Oct 5, 2017 at 6:49 PM, Laurens Vets <laur...@daemon.be> wrote:
> > >
> > > > On 2017-10-05 15:45, Laurens Vets wrote:
> > > >
> > > >> Hi,
> > > >>
> > > >> Would anyone be interested in adding a full AWS Cloudtrail use case to
> > > >> the Metron documentation? It would roughly consist of:
> > > >> - Apache NiFi configuration to retrieve Cloudtrail logs from S3 and
> > > >> send it to Metron via Kafka.
> > > >> - Complete Metron sensor configuration (enrichment, alerting, etc...) for
> > > >> this.
> > > >>
> > > >
> > > > Sent too soon :(
> > > >
> > > > If anyone would be interested in this documentation, where would I add this
> > > > in the source?
> > > >
> > >
> >
>


Re: Cloudtrail use case

2017-10-06 Thread Nick Allen
Yes, agreed, Justin.  I guess my main point to Laurens was meant to be that
the actual destination of the use case should be the least of our worries.
However Laurens wants to write it up will work. If you type it up, throw it
in an envelope, seal it with a stamp, and physically mail it to me, I will
make sure it lands in the right place. :)



On Thu, Oct 5, 2017 at 9:20 PM Justin Leet <justinjl...@gmail.com> wrote:

> I know we've had discussions about migrating stuff into docs before.  It
> might be worth resurrecting a more use case focused version of that,
> instead of starting on the wiki.  I assume the end goal is availability in
> the site-book, so even if it's not in a perfect place, I'd rather the
> effort be spent on making it pretty there.
>
> I think there's a few floating around that could use a home, so the
> discussion might make life easier for multiple things.  Some from the wiki,
> some from random READMEs we could relocate and link, some from
> presentations and so on.
>
> Having said all that, I know discuss threads can take a few days to
> resolve, so wiki and then convert might be the lesser of two evils.
>
>
> On Thu, Oct 5, 2017 at 6:54 PM, Nick Allen <n...@nickallen.org> wrote:
>
> > We don't really have a location in the source code for use cases like this
> > right now.  But I think it is so important that we get use cases like this
> > published somewhere.  For now, you could add this to the Wiki.  Then later
> > on we can figure out how to handle that.
> >
> > On Thu, Oct 5, 2017 at 6:49 PM, Laurens Vets <laur...@daemon.be> wrote:
> >
> > > On 2017-10-05 15:45, Laurens Vets wrote:
> > >
> > >> Hi,
> > >>
> > >> Would anyone be interested in adding a full AWS Cloudtrail use case to
> > >> the Metron documentation? It would roughly consist of:
> > >> - Apache NiFi configuration to retrieve Cloudtrail logs from S3 and
> > >> send it to Metron via Kafka.
> > >> - Complete Metron sensor configuration (enrichment, alerting, etc...) for
> > >> this.
> > >>
> > >
> > > Sent too soon :(
> > >
> > > If anyone would be interested in this documentation, where would I add this
> > > in the source?
> > >
> >
>


Re: Cloudtrail use case

2017-10-05 Thread Justin Leet
I know we've had discussions about migrating stuff into docs before.  It
might be worth resurrecting a more use case focused version of that,
instead of starting on the wiki.  I assume the end goal is availability in
the site-book, so even if it's not in a perfect place, I'd rather the
effort be spent on making it pretty there.

I think there's a few floating around that could use a home, so the
discussion might make life easier for multiple things.  Some from the wiki,
some from random READMEs we could relocate and link, some from
presentations and so on.

Having said all that, I know discuss threads can take a few days to
resolve, so wiki and then convert might be the lesser of two evils.


On Thu, Oct 5, 2017 at 6:54 PM, Nick Allen <n...@nickallen.org> wrote:

> We don't really have a location in the source code for use cases like this
> right now.  But I think it is so important that we get use cases like this
> published somewhere.  For now, you could add this to the Wiki.  Then later
> on we can figure out how to handle that.
>
> On Thu, Oct 5, 2017 at 6:49 PM, Laurens Vets <laur...@daemon.be> wrote:
>
> > On 2017-10-05 15:45, Laurens Vets wrote:
> >
> >> Hi,
> >>
> >> Would anyone be interested in adding a full AWS Cloudtrail use case to
> >> the Metron documentation? It would roughly consist of:
> >> - Apache NiFi configuration to retrieve Cloudtrail logs from S3 and
> >> send it to Metron via Kafka.
> >> - Complete Metron sensor configuration (enrichment, alerting, etc...) for
> >> this.
> >>
> >
> > Sent too soon :(
> >
> > If anyone would be interested in this documentation, where would I add this
> > in the source?
> >
>


Re: Cloudtrail use case

2017-10-05 Thread Nick Allen
We don't really have a location in the source code for use cases like this
right now.  But I think it is so important that we get use cases like this
published somewhere.  For now, you could add this to the Wiki.  Then later
on we can figure out how to handle that.

On Thu, Oct 5, 2017 at 6:49 PM, Laurens Vets <laur...@daemon.be> wrote:

> On 2017-10-05 15:45, Laurens Vets wrote:
>
>> Hi,
>>
>> Would anyone be interested in adding a full AWS Cloudtrail use case to
>> the Metron documentation? It would roughly consist of:
>> - Apache NiFi configuration to retrieve Cloudtrail logs from S3 and
>> send it to Metron via Kafka.
>> - Complete Metron sensor configuration (enrichment, alerting, etc...) for
>> this.
>>
>
> Sent too soon :(
>
> If anyone would be interested in this documentation, where would I add this
> in the source?
>


Re: Cloudtrail use case

2017-10-05 Thread Laurens Vets

Yes, that's what I meant :) I sent my mail too soon.

On 2017-10-05 15:48, Nick Allen wrote:
> If you mean that you would be willing to do the work, then yes absolutely!
>
> I think that would be great. :)
>
> On Thu, Oct 5, 2017 at 6:45 PM, Laurens Vets <laur...@daemon.be> wrote:
>
>> Hi,
>>
>> Would anyone be interested in adding a full AWS Cloudtrail use case to the
>> Metron documentation? It would roughly consist of:
>> - Apache NiFi configuration to retrieve Cloudtrail logs from S3 and send
>> it to Metron via Kafka.
>> - Complete Metron sensor configuration (enrichment, alerting, etc...) for
>> this.



Re: Cloudtrail use case

2017-10-05 Thread Laurens Vets

On 2017-10-05 15:45, Laurens Vets wrote:

> Hi,
>
> Would anyone be interested in adding a full AWS Cloudtrail use case to
> the Metron documentation? It would roughly consist of:
> - Apache NiFi configuration to retrieve Cloudtrail logs from S3 and
> send it to Metron via Kafka.
> - Complete Metron sensor configuration (enrichment, alerting, etc...)
> for this.

Sent too soon :(

If anyone would be interested in this documentation, where would I add
this in the source?


Re: Cloudtrail use case

2017-10-05 Thread Nick Allen
If you mean that you would be willing to do the work, then yes absolutely!
I think that would be great. :)

On Thu, Oct 5, 2017 at 6:45 PM, Laurens Vets <laur...@daemon.be> wrote:

> Hi,
>
> Would anyone be interested in adding a full AWS Cloudtrail use case to the
> Metron documentation? It would roughly consist of:
> - Apache NiFi configuration to retrieve Cloudtrail logs from S3 and send
> it to Metron via Kafka.
> - Complete Metron sensor configuration (enrichment, alerting, etc...) for
> this.
>


Cloudtrail use case

2017-10-05 Thread Laurens Vets

Hi,

Would anyone be interested in adding a full AWS Cloudtrail use case to
the Metron documentation? It would roughly consist of:
- Apache NiFi configuration to retrieve Cloudtrail logs from S3 and send 
it to Metron via Kafka.
- Complete Metron sensor configuration (enrichment, alerting, etc...) 
for this.