Re: Having more than one use case on a Metron instance
Not at present, no, but you can just open multiple instances. Saved searches are also per user, so that might provide a workaround.

Simon

On Wed, 19 Feb 2020 at 16:23, Euan Hope wrote:

> Thanks so much for the quick feedback. I will put this forward to the client.
>
> To gain a sense of what is possible, is there possibly a way to configure more tabs in the Alerts UI (for example, there is the PCAP tab available in our UI)?
>
> Or possibly as another alternative, is it possible to configure different Alerts UI for different users. Say for example that user A can only access Alerts UI A, user B can only access Alerts UI B?
>
> Thanks again for your input, it is very much appreciated.
>
> On Wed, Feb 19, 2020 at 5:59 PM Simon Elliston Ball <si...@simonellistonball.com> wrote:
>
>> I would suggest using saved searches, which also remember the selected columns.
>>
>> Simon
>>
>> On Wed, 19 Feb 2020 at 15:51, Euan Hope wrote:
>>
>>> Hi again Metron community.
>>>
>>> Sorry to post another question in such quick succession.
>>>
>>> Our client has asked us to implement another use case on the Metron instance we have set up for them. This new use case uses similar data to the original use case but the threat triage rules for scoring the records are very different.
>>>
>>> The request was to have another tab in the Alerts UI so that the different SOC analysts could use different screens for the different use cases.
>>>
>>> Is there any way to configure this? And if not, does anyone in the community have suggestions on how to approach this?
>>>
>>> Thanks in advance for the help.
>>
>> --
>> --
>> simon elliston ball
>> @sireb

--
--
simon elliston ball
@sireb
Re: Having more than one use case on a Metron instance
Thanks so much for the quick feedback. I will put this forward to the client.

To gain a sense of what is possible, is there possibly a way to configure more tabs in the Alerts UI (for example, there is the PCAP tab available in our UI)?

Or possibly as another alternative, is it possible to configure different Alerts UI for different users. Say for example that user A can only access Alerts UI A, user B can only access Alerts UI B?

Thanks again for your input, it is very much appreciated.

On Wed, Feb 19, 2020 at 5:59 PM Simon Elliston Ball <si...@simonellistonball.com> wrote:

> I would suggest using saved searches, which also remember the selected columns.
>
> Simon
>
> On Wed, 19 Feb 2020 at 15:51, Euan Hope wrote:
>
>> Hi again Metron community.
>>
>> Sorry to post another question in such quick succession.
>>
>> Our client has asked us to implement another use case on the Metron instance we have set up for them. This new use case uses similar data to the original use case but the threat triage rules for scoring the records are very different.
>>
>> The request was to have another tab in the Alerts UI so that the different SOC analysts could use different screens for the different use cases.
>>
>> Is there any way to configure this? And if not, does anyone in the community have suggestions on how to approach this?
>>
>> Thanks in advance for the help.
>
> --
> --
> simon elliston ball
> @sireb
Re: Having more than one use case on a Metron instance
I would suggest using saved searches, which also remember the selected columns.

Simon

On Wed, 19 Feb 2020 at 15:51, Euan Hope wrote:

> Hi again Metron community.
>
> Sorry to post another question in such quick succession.
>
> Our client has asked us to implement another use case on the Metron instance we have set up for them. This new use case uses similar data to the original use case but the threat triage rules for scoring the records are very different.
>
> The request was to have another tab in the Alerts UI so that the different SOC analysts could use different screens for the different use cases.
>
> Is there any way to configure this? And if not, does anyone in the community have suggestions on how to approach this?
>
> Thanks in advance for the help.

--
--
simon elliston ball
@sireb
Having more than one use case on a Metron instance
Hi again Metron community.

Sorry to post another question in such quick succession.

Our client has asked us to implement another use case on the Metron instance we have set up for them. This new use case uses similar data to the original use case but the threat triage rules for scoring the records are very different.

The request was to have another tab in the Alerts UI so that the different SOC analysts could use different screens for the different use cases.

Is there any way to configure this? And if not, does anyone in the community have suggestions on how to approach this?

Thanks in advance for the help.
Re: Alerts UI user metrics dashboard
Thank you so much for the help with this. We applied these suggestions and this provided the information that would be needed for the user metrics dashboard.

Thanks again for your help with this.

On 2020/02/15 16:52:25, Nick Allen wrote:

> Try enabling debug logging for the REST service. You should be able to add this option under Ambari > Metron > Config > REST.
>
> --logging.level.org.apache.metron.rest=DEBUG
> --logging.level.org.springframework.security=DEBUG
>
> After restarting the REST service, you should find some auth related logging in /var/log/metron/metron-rest.log that will include the users that have logged in.
>
> On Fri, Feb 14, 2020 at 11:45 PM Euan Hope wrote:
>
> > Hello Metron community.
> >
> > Is it possible to get information that shows which users have logged into the Metron Alerts UI? We would like to create a dashboard with metrics of usage of the Metron Alerts UI.
> >
> > Hoping there might be someone that can share some insight regarding this.
> >
> > Thank you!
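
Added example, not part of the thread and not Metron project code: one way to turn the auth-related DEBUG lines in /var/log/metron/metron-rest.log into per-user figures for a usage dashboard. The log line layout and the message matched by `USER_RE` are assumptions, and the sample lines are constructed; check both against your own log before relying on the numbers.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed line shape: Spring Boot's default layout with a Spring Security DEBUG
# message naming the user. Adjust USER_RE to what your metron-rest.log contains.
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
# User names come from the client, so accept only a conservative character set.
USER_RE = re.compile(r"header found for user '([\w.@-]{1,64})'")

# Constructed sample lines, not captured from a real Metron instance.
SAMPLE_LOG = """\
2020-02-15 09:01:12.004 DEBUG 2211 --- [exec-1] o.s.s.w.a.www.BasicAuthenticationFilter : Basic Authentication Authorization header found for user 'analyst_a'
2020-02-15 09:01:13.150 DEBUG 2211 --- [exec-2] o.s.s.w.a.www.BasicAuthenticationFilter : Basic Authentication Authorization header found for user 'analyst_a'
2020-02-15 10:30:00.000 DEBUG 2211 --- [exec-3] o.s.s.w.a.www.BasicAuthenticationFilter : Basic Authentication Authorization header found for user 'analyst_b'
2020-02-16 08:15:42.900 DEBUG 2211 --- [exec-1] o.s.s.w.a.www.BasicAuthenticationFilter : Basic Authentication Authorization header found for user 'analyst_a'
2020-02-16 08:16:00.000 INFO 2211 --- [exec-4] o.a.m.rest.controller.Example : unrelated message
\tat org.example.StackFrame.continuation(StackFrame.java:1)
"""

def usage_by_user(lines, user_re=USER_RE):
    """Return {user: {"days": Counter(date -> hits), "first": dt, "last": dt}}."""
    stats = {}
    for line in lines:
        ts, user = TS_RE.match(line), user_re.search(line)
        if not (ts and user):
            continue  # unrelated message, stack-trace line, or rejected user name
        when = datetime.strptime(ts.group(1), "%Y-%m-%d %H:%M:%S")
        entry = stats.setdefault(
            user.group(1), {"days": Counter(), "first": when, "last": when})
        entry["days"][when.date().isoformat()] += 1
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
    return stats

def daily_active_users(stats):
    """Return {date: number of distinct users seen that day}."""
    daily = Counter()
    for entry in stats.values():
        for day in entry["days"]:
            daily[day] += 1
    return dict(daily)

if __name__ == "__main__":
    stats = usage_by_user(SAMPLE_LOG.splitlines())
    for name, entry in sorted(stats.items()):
        print(name, dict(entry["days"]), entry["first"], entry["last"])
    print(daily_active_users(stats))
```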