Re: [VOTE] Move Apache Metron to the Apache Attic and Dissolve PMC

2020-11-16 Thread zeo...@gmail.com
+1 -- Jon Zeolla @jonzeolla PittSec | BSidesPGH | SteelCityInfoSec On Mon, Nov 16, 2020, 11:33 AM Casey Stella wrote: > +1 > > On Mon, Nov 16, 2020 at 09:01 Justin Leet wrote: > > > Hi all, > > > > This is a vote thread to retire Metron to the Attic, and dissolve the > PMC. > > This follows

Re: [DISCUSS] Retire Metron to the Attic

2020-11-09 Thread zeo...@gmail.com
I also agree with a move to the attic. +1 to Otto's comment about forking the kafka plugin. -- Jon Zeolla @jonzeolla PittSec | BsidesPGH | SteelCityInfoSec On Mon, Nov 9, 2020 at 1:30 PM Otto Fowler wrote: > I am in support of this as well, > > We have substantial work to do to get metron

Re: Any relation to Spot?

2020-04-09 Thread zeo...@gmail.com
Nope, different projects with similar goals. Metron came from Cisco OpenSOC and Spot came from ONI. Jon Zeolla On Thu, Apr 9, 2020, 5:57 PM Yerex, Tom wrote: > Good afternoon, > > I hope everyone is safe and healthy. I tripped across the Apache Spot > project while working through some

Re: [VOTE] Metron-bro-plugin-kafka Release Candidate 0.3.0-RC3

2019-10-11 Thread zeo...@gmail.com
+1 ran the RC script, spun up end to end successfully, manual validation, etc. - Jon Zeolla zeo...@gmail.com On Thu, Oct 10, 2019 at 3:10 PM Otto Fowler wrote: > +1 binding Ran RC script including the docker end to end testing > > > > > On October 10, 2019 at 14:38:45, Otto

Re: [VOTE] Metron-bro-plugin-kafka Release Candidate 0.3.0-RC2

2019-10-10 Thread zeo...@gmail.com
(binding) > > > > A new RC will be created once we're satisfied the latest fix has resolved > > issues. > > > > On Tue, Oct 1, 2019, 2:47 PM zeo...@gmail.com wrote: > > > >> -1 as well, validated the issue that Otto was seeing. > >> > >>

Re: [VOTE] Metron-bro-plugin-kafka Release Candidate 0.3.0-RC2

2019-10-01 Thread zeo...@gmail.com
-1 as well, validated the issue that Otto was seeing. I'm also testing to ensure that the fix properly addressed the issue and will respond if I see any issues that would block a fast follow RC3. - Jon Zeolla zeo...@gmail.com On Tue, Oct 1, 2019 at 3:27 PM Otto Fowler wrote: > The fix

Re: [VOTE] Metron-bro-plugin-kafka Release Candidate 0.3.0-RC1

2019-09-29 Thread zeo...@gmail.com
if everyone would rather live with the possibility that there's a > delay post vote or if we'd rather start next week. > > On Sun, Sep 29, 2019 at 12:47 PM zeo...@gmail.com > wrote: > > > Justin Leet was running this release previously > > > > Jon Zeolla > >

Re: [VOTE] Metron-bro-plugin-kafka Release Candidate 0.3.0-RC1

2019-09-29 Thread zeo...@gmail.com
Justin Leet was running this release previously Jon Zeolla On Sun, Sep 29, 2019, 12:07 PM Otto Fowler wrote: > If you are doing the RM duties, just go ahead and cut the RC. > > > > > On September 29, 2019 at 11:35:10, zeo...@gmail.com (zeo...@gmail.com) > wrote: > >

Re: [VOTE] Metron-bro-plugin-kafka Release Candidate 0.3.0-RC1

2019-09-29 Thread zeo...@gmail.com
is resolved. > > On Wed, Nov 28, 2018 at 10:49 AM zeo...@gmail.com > wrote: > > > -1 > > > > In my testing it appears that an issue was introduced in 0.2 which is > > causing a segfault on the destructor ( > > > > > https://github.com/apache/metron-bro-pl

Re: [DISCUSS] HDP 3.1 Upgrade and release strategy

2019-08-27 Thread zeo...@gmail.com
I agree that having a scripted approach for backup and restore of Metron configs should be necessary for such a large change/upgrade process. Having been through this many times in the past I can tell you that the difficulty of upgrading (whether perceived or actual) holds back adoption of the

Re: What's the status of Metron

2019-06-08 Thread zeo...@gmail.com
I just sent an invite for the ASF slack. Check out #Metron once you're in there. There are some various network diagrams but nothing that I would consider holistic. Here are some pointers (in order) https://cwiki.apache.org/confluence/display/METRON/Metron+Architecture

Re: [VOTE] Update dev guidelines with format for sharing architecture source files and rendered images

2019-05-03 Thread zeo...@gmail.com
+1 non-binding I would only prefer that we change "Appropriate architecture diagrams should be created in" to "Appropriate architecture diagrams must be created in" but I'm good either way. - Jon Zeolla zeo...@gmail.com On Fri, May 3, 2019 at 10:18 AM Michael Miklav

Re: [DISCUSS] Next Release

2019-04-23 Thread zeo...@gmail.com
. When that happens, are we okay with sharing version numbers? - Jon Zeolla zeo...@gmail.com On Tue, Apr 23, 2019 at 1:42 PM Justin Leet wrote: > Absolutely. It'll probably be tomorrow before that gets into full swing. > > I don't believe we have a "0.7.1" release in Jira,

Re: [DISCUSS] Format for sharing architecture source files and rendered images

2019-04-18 Thread zeo...@gmail.com
I'm also partial to draw.io. Jon Zeolla On Wed, Apr 17, 2019, 9:48 PM Otto Fowler wrote: > Also, the section should either have a blurb and like for draw.io or a > reference footnote etc. > > > On April 17, 2019 at 21:36:03, Otto Fowler (ottobackwa...@gmail.com) > wrote: > > I think we should

Re: Problems with Dev deployment.

2019-04-10 Thread zeo...@gmail.com
with you. - Jon Zeolla zeo...@gmail.com On Wed, Apr 10, 2019 at 9:17 AM Otto Fowler wrote: > These issues are the reason https://github.com/apache/metron/pull/1261 was > done. It would be nice if we could get by them. > > > On April 10, 2019 at 08:13:04, Dale Richardson (tigerqu

Re: [DISCUSS] Next Release

2019-03-30 Thread zeo...@gmail.com
is on? Would be nice to get a release > > out. > > > > On Thu, Mar 14, 2019, 4:53 PM zeo...@gmail.com wrote: > > > > > We should likely get METRON-2014 in, based on > > > > > > > > > https://lists.apache.org/thread.html/13b

Re: [DISCUSS] Next Release

2019-03-14 Thread zeo...@gmail.com
We should likely get METRON-2014 in, based on https://lists.apache.org/thread.html/13bd0ed5606ad4f3427f24a8e759d6bcb61ace76d4afcc9f48310a00@%3Cdev.metron.apache.org%3E On Thu, Mar 14, 2019 at 4:24 PM Michael Miklavcic < michael.miklav...@gmail.com> wrote: > Ticket is now done and merged. I'm

Re: [DISCUSS] Central Navigation for Alerts and Management UI

2019-03-11 Thread zeo...@gmail.com
I use both screens frequently on prod clusters. I don't know how prevalent that use case is though. Jon On Mon, Mar 11, 2019 at 7:33 AM Shane Ardell wrote: > Good point, Otto. Just posted there now. > > On Mon, Mar 11, 2019 at 12:11 PM Otto Fowler > wrote: > > > Maybe you should post to the

Re: [DISCUSS] Upgrading HBase and Kafka support

2019-03-08 Thread zeo...@gmail.com
So most importantly I want to make sure to give Otto credit for being the one who cleaned up the rudimentary testing steps we had for testing the plugin and turned it into the docker end to end. Right now we manually run the tests, as there were a few follow-ons we needed to work through before

Re: [DISCUSS] Upgrading HBase and Kafka support

2019-03-08 Thread zeo...@gmail.com
+1 to option 3 on both. Also strongly in favor of Docker. We recently took a similar approach in metron-bro-plugin-kafka as well (link ) to do end to end testing. Jon On Fri, Mar 8, 2019 at 9:53 AM Nick Allen wrote: > +1

Re: [DISCUSS] Architecture documentation

2019-02-26 Thread zeo...@gmail.com
Sorry for the delay here. Yup I'm good with where this ended up, thanks! Jon On Tue, Feb 26, 2019 at 10:21 AM Michael Miklavcic < michael.miklav...@gmail.com> wrote: > @Jon - I think this DISCUSS thread is the last gating factor for getting > this PR in, are you ok with the prescribed approach

Re: [DISCUSS] Architecture documentation

2019-02-25 Thread zeo...@gmail.com
> > If someone thinks the code base needs X before the next release, then they > can bring up X during the release discussion. We don't need additional > procedure around this. > > On Mon, Feb 25, 2019 at 9:11 AM zeo...@gmail.com wrote: > > > I agree, I think all d

Re: [DISCUSS] Architecture documentation

2019-02-25 Thread zeo...@gmail.com
I agree, I think all docs should be kept in the code base. I opened METRON-714 ages ago to get the existing cwiki docs over to READMEs as well. I would also like to see us consider a more general/overview architecture, or perhaps write each component's architecture in a way that it can be

Metron REST w/o LDAP

2019-01-26 Thread zeo...@gmail.com
Is it intended that we require METRON_LDAP_PASSWORD when LDAP isn't in use to start metron-rest?
```
[metroniso@server ~]$ export METRON_LDAP_PASSWORD=anything
[metroniso@server ~]$ /usr/metron/0.7.0/bin/metron-rest.sh
[metroniso@server ~]$ tail -f /var/log/metron/metron-rest.log
# No error
```

Re: [DISCUSS] Writer class refactor

2019-01-18 Thread zeo...@gmail.com
Totally on board with everybody's comments above this point. Jon On Fri, Jan 18, 2019, 6:07 PM Michael Miklavcic wrote: > Thanks for the write up, Ryan. I had to touch on some of this when > refactoring the kafka writer away from the async model so we could > guarantee delivery. We had

[DISCUSS] Clarify development guidelines

2019-01-08 Thread zeo...@gmail.com
I was looking at picking up a JIRA which could apply to both apache/metron and apache/metron-bro-plugin-kafka (upgrade to bro 2.6.1/latest). It made me take another look at our dev guidelines to see if they are explicit about having one JIRA per PR (it doesn't). Is this something we should do?

Re: Metron Release 0.6.1 and/or Plugin release 0.3.0?

2018-12-05 Thread zeo...@gmail.com
s support for getting a RC out sooner rather than later. > > On Tue, Dec 4, 2018 at 4:06 PM zeo...@gmail.com wrote: > > > I agree that we should move forward with the apache/metron 0.7.0 release. > > If 0.3 gets finalized in time we can include it, but otherwise no big > deal

Re: Metron Release 0.6.1 and/or Plugin release 0.3.0?

2018-12-04 Thread zeo...@gmail.com
given the current version is > >> affected), I'm happy to put out a new RC. > >> > >> On Mon, Dec 3, 2018 at 4:12 PM Michael Miklavcic < > >> michael.miklav...@gmail.com> wrote: > >> > >> > +1 Nick > >> > > >

Re: Metron Release 0.6.1 and/or Plugin release 0.3.0?

2018-12-03 Thread zeo...@gmail.com
> > > METRON-1814 <https://issues.apache.org/jira/browse/METRON-1814> > > METRON-1851 <https://issues.apache.org/jira/browse/METRON-1851> > > > > On Wed, Nov 21, 2018 at 2:20 PM zeo...@gmail.com > wrote: > > > > > A metron-bro-plugin-kafka 0.3

Re: [VOTE] Metron-bro-plugin-kafka Release Candidate 0.3.0-RC1

2018-11-28 Thread zeo...@gmail.com
-1 In my testing it appears that an issue was introduced in 0.2 which is causing a segfault on the destructor ( https://github.com/apache/metron-bro-plugin-kafka/commit/1dfc5239fae31a64026188109d1e346ce93d5c02#diff-361be0491d615952129ed5c8f39c9683L57). I've opened METRON-1910 and am testing a fix

Re: Metron Release 0.6.1 and/or Plugin release 0.3.0?

2018-11-21 Thread zeo...@gmail.com
t > > > (nickwallen) > > > > closes apache/metron#1170 > > > > METRON-1715 Create DEB Packaging for Batch Profiler (nickwallen) > > > closes > > > > apache/metron#1167 > > > > METRON-1736 Enhance Batch Profiler Integration Te

Re: Metron Release 0.6.1 and/or Plugin release 0.3.0?

2018-11-21 Thread zeo...@gmail.com
allen) closes > > > apache/metron#1161 > > > METRON-1707 Port Profiler to Spark (nickwallen) closes > > > apache/metron#1150 > > > METRON-1705 Create ProfilePeriod Using Period ID (nickwallen) > closes > > > apache/metron#1148 > > >

Re: [ANNOUNCE] Shane Ardell is a committer

2018-11-19 Thread zeo...@gmail.com
Congrats Shane! Jon On Mon, Nov 19, 2018 at 10:43 AM Anand Subramanian < asubraman...@hortonworks.com> wrote: > Many congratulations, Shane! > > Cheers, > Anand > > On 11/19/18, 8:36 PM, "James Sirota" wrote: > > > The Project Management Committee (PMC) for Apache Metron has invited >

Re: Metron Release 0.6.1 and/or Plugin release 0.3.0?

2018-11-18 Thread zeo...@gmail.com
art metron release process (hopefully) sometime the week > of the 3rd? > > Are there any objections to staggering the releases like that? They could > also be done together, but it means that we have to update full dev to > match the plugin version post release. > > On Wed, Nov 1

Re: Metron Release 0.6.1 and/or Plugin release 0.3.0?

2018-11-14 Thread zeo...@gmail.com
In my opinion metron-bro-plugin-kafka is ready for a release. Anything else people would want to see? Once it gets released, I would like to update full dev to use the newest version prior to any future metron release (0.6.1 or whatever we choose). Jon On Wed, Nov 7, 2018 at 8:07 PM zeo

Re: [DISCUSS] Slack Channel Use

2018-11-12 Thread zeo...@gmail.com
Spot on Justin, I totally agree. My only nit is that often it's much easier troubleshooting in Slack as opposed to the mailing lists, so I'm game to allow some troubleshooting in Slack as long as the issue and resolution makes it back to the lists. Given that slack message history is being kept

Re: [DISCUSS] Knox SSO feature branch review and features

2018-11-11 Thread zeo...@gmail.com
Phew, that was quite the thread to catch up on. I agree that this should be optional/pluggable to start, and I'm interested to hear the issues as they relate to upgrading an existing cluster (given the suggested approach) and exposing both legacy and knox URLs at the same time. Jon On Fri, Nov

Re: Metron Release 0.6.1 and/or Plugin release 0.3.0?

2018-11-07 Thread zeo...@gmail.com
So, about this release, anybody have time to review apache/metron-bro-plugin-kafka#2 and apache/metron-bro-plugin-kafka#13? Jon On Wed, Oct 17, 2018 at 10:37 AM Michael Miklavcic < michael.miklav...@gmail.com> wrote: > And I do think we will be ready to roll another Metron release in the near >

Re: [DISCUSS] Deprecate split-join enrichment topology in favor of unified enrichment topology

2018-11-02 Thread zeo...@gmail.com
+1 totally agree. Jon On Fri, Nov 2, 2018, 1:31 AM Anand Subramanian wrote: > Piling on my +1 (non-binding) as well. > > On 11/2/18, 4:41 AM, "Ryan Merriman" wrote: > > +1 > > On Thu, Nov 1, 2018 at 5:38 PM Casey Stella > wrote: > > > +1 > > On Thu, Nov 1, 2018 at 18:34 Nick

Re: [DISCUSS] Day 1 User Experience - Getting Metron Running

2018-10-26 Thread zeo...@gmail.com
Yeah I would +1 katakoda. I also think that it would help to start distributing RPMs, DEBs, and the mpacks with the releases, as well as consider a service like opensuse's build service for nightlies, etc. Jon On Fri, Oct 26, 2018 at 6:25 AM Anand Subramanian < asubraman...@hortonworks.com>

Re: Invite to Slack Channel

2018-10-22 Thread zeo...@gmail.com
Invite sent On Mon, Oct 22, 2018 at 9:26 AM Muhammed Irshad wrote: > Some one get me also the slack channel link ? > Thanks, > Muhammed Irshad > Q*Burst* > www.qburst.com > > > On Wed, Oct 17, 2018 at 7:33 PM Michael Miklavcic < > michael.miklav...@gmail.com> wrote: > > > Sent > > > > On Wed,

Re: Metron Release 0.6.1 and/or Plugin release 0.3.0?

2018-10-16 Thread zeo...@gmail.com
I agree with a metron-bro-plugin-kafka release of 0.3.0 (0.3 in bro-pkg), assuming we can get apache/metron-bro-plugin-kafka#2 in. I'm working on adding travis to the metron-bro-plugin-kafka repo, but I'm not sure when I will have enough time to finish my work there and wouldn't want to hold up a

Bro plugin unit tests failing

2018-10-12 Thread zeo...@gmail.com
So it seems that the last commit before the 0.2 release of metron-bro-plugin-kafka broke the one basic unit test that we had. Since metron 0.6.0 pins to 0.1 this wouldn't cause an obvious

Re: Bro plugin release process docs?

2018-10-12 Thread zeo...@gmail.com
any changes to releases retroactively, I added a note to the cwiki to note the history (see "Historical Note" under section 5). Thanks, Jon On Thu, Oct 11, 2018 at 11:05 AM zeo...@gmail.com wrote: > Okay, I'll PR something since I'm looking at it > > Jon > > On Thu, Oct 1

Re: Bro plugin release process docs?

2018-10-11 Thread zeo...@gmail.com
anything else that needs to happen to make sure > tags and such line up. > > On Thu, Oct 11, 2018 at 9:18 AM zeo...@gmail.com wrote: > > > Is there a reason why the prefix for apache/metron ends with a -, whereas > > the plugin ends with a _ separator? I would like to

Re: Bro plugin release process docs?

2018-10-11 Thread zeo...@gmail.com
point. The docs just need an overhaul, so someone who's not me knows > what to do. > > On Wed, Oct 10, 2018 at 7:01 PM zeo...@gmail.com wrote: > > > Yeah you're right when I looked closer to make the change it was step 10. > > I pushed a manual 0.2 tag to metron-bro-plugin-ka

Re: Bro plugin release process docs?

2018-10-10 Thread zeo...@gmail.com
/master/dev-utilities/release-utils/prepare-release-candidate#L245 > > > . > > On Wed, Oct 10, 2018 at 5:09 PM Michael Miklavcic < > michael.miklav...@gmail.com> wrote: > > > +1 to all of that from me, Jon. Thanks for taking care of this. > > > > On Wed

Re: Bro plugin release process docs?

2018-10-10 Thread zeo...@gmail.com
and I didn't miss a new place for the plugin release instructions. Jon On Wed, Oct 10, 2018 at 4:31 PM zeo...@gmail.com wrote: > So I was poking around on the plugin today and noticed that we have > a apache-metron-bro-plugin-kafka_0.2.0-release and > apache-metron-bro-plugin-kafka_

Re: Bro plugin release process docs?

2018-10-10 Thread zeo...@gmail.com
could update the bro package manager, and finally update what the apache/metron full-dev environment(s) point to (0.2 as opposed to 0.1). Thanks, Jon On Mon, May 28, 2018 at 8:41 AM zeo...@gmail.com wrote: > I did a bit of poking around and I don't believe we ever formally wrote > tha

Re: [DISCUSS] Split apart releases for core Metron and the Bro plugin

2018-10-08 Thread zeo...@gmail.com
> > +1 to defer for this release and complete separation. Good fences make > > good submodules. ;) > > > > On Fri, Sep 7, 2018 at 2:33 PM zeo...@gmail.com > wrote: > > > > > +1 to defer for this release and +1 to Justin's suggested release/dist >

Re: Metron dev environments moving to require Ansible 2.4+

2018-10-01 Thread zeo...@gmail.com
> On September 28, 2018 at 11:45:14, zeo...@gmail.com (zeo...@gmail.com) > wrote: > > Do you mean this > <https://cwiki.apache.org/confluence/display/METRON/Downgrade+Ansible>? > It was the only reference I could find on the wiki. All of the READMEs > should be upd

Re: Metron dev environments moving to require Ansible 2.4+

2018-09-28 Thread zeo...@gmail.com
:15 AM Otto Fowler wrote: > We should make sure the non-source documentation is updated > > > On September 28, 2018 at 09:32:52, zeo...@gmail.com (zeo...@gmail.com) > wrote: > > Hi All, > > As it currently sits, once METRON-1758 > <https://github.com/apache/me

Metron dev environments moving to require Ansible 2.4+

2018-09-28 Thread zeo...@gmail.com
Hi All, As it currently sits, once METRON-1758 is merged into the code base, Ansible 2.4 or later will be required to use any of the Metron ansible playbooks. This is in contrast to the prior version requirements outlined in Metron documentation which

Re: [DISCUSS] Metron Release 0.6.0?

2018-09-08 Thread zeo...@gmail.com
ct > this additional available state info. > > Best, > Mike > > > On Thu, Sep 6, 2018 at 7:34 PM zeo...@gmail.com wrote: > > > I'm not aware of the bro plugin artifacts being used in any way. > > > > Jon > > > > On Thu, Sep 6, 2018, 1

Re: [DISCUSS] Split apart releases for core Metron and the Bro plugin

2018-09-07 Thread zeo...@gmail.com
+1 to defer for this release and +1 to Justin's suggested release/dist directory breakout and complete separation. Jon On Fri, Sep 7, 2018 at 1:43 PM Michael Miklavcic < michael.miklav...@gmail.com> wrote: > +1 to deferring for this release and having the separation like NiFi. Since > we're

Re: [DISCUSS] Feature branches post-merge

2018-09-07 Thread zeo...@gmail.com
Yeah I don't have a good reason to suggest we keep 'em. so +1 to deleting old FBs. Jon On Fri, Sep 7, 2018 at 12:14 PM Nick Allen wrote: > +1 delete old feature branches. > > BTW, there is a branch out there called METRON-113 that we probably need to > clean-up. I'm not sure where that came

Re: [DISCUSS] Metron Release 0.6.0?

2018-09-06 Thread zeo...@gmail.com
> > On Thu, Sep 6, 2018 at 10:02 AM zeo...@gmail.com wrote: > > > Either is fine with me. If it's x.y in some parts of the app I prefer to > > keep it consistent throughout, but I'm also fine with lining up with > > Apache/Metron where we can. > > > >

Re: [DISCUSS] Metron Release 0.6.0?

2018-09-06 Thread zeo...@gmail.com
ing > 0.2? Or do we want to keep the mixed versioning and just live with it, at > least for now? > > On Wed, Sep 5, 2018 at 8:58 PM zeo...@gmail.com wrote: > > > I think mattf-horton just did that as a part of convention. He handled > > that part, an

Re: [DISCUSS] Metron Release 0.6.0?

2018-09-05 Thread zeo...@gmail.com
. Jon On Wed, Sep 5, 2018 at 8:28 PM Justin Leet wrote: > Any idea why we released it as 0.1.0 in the artifacts version? I'm fine > with doing x.y if we need to, but I would like the artifact versioning to > be consistent if possible. > > On Wed, Sep 5, 2018 at 8:26 PM zeo...@gmai

Re: [DISCUSS] Metron Release 0.6.0?

2018-09-05 Thread zeo...@gmail.com
I lied, we didn't need to update our btests because it's limited to a major and minor version. https://github.com/apache/metron-bro-plugin-kafka/blob/master/src/Plugin.cc#L33-L34 Jon On Wed, Sep 5, 2018 at 8:10 PM zeo...@gmail.com wrote: > I looked into x.y.z back when we released

Re: [DISCUSS] Metron Release 0.6.0?

2018-09-05 Thread zeo...@gmail.com
eks ago METRON-1601: Rename metaalert alert nested field to > >> > > > metron_alert to avoid collision closes > apache/incubator-metron#1049 > >> > > > 10 weeks ago METRON-1572 Enhance KAFKA_PUT function (nickwallen) > >> closes > >> > >

Re: IRC Channel -> OPS?

2018-08-29 Thread zeo...@gmail.com
Isn't it Casey? Jon On Wed, Aug 29, 2018, 08:41 Otto Fowler wrote: > Who has ops in the irc channel? > Can you pop in and set the topic to something like: > “There is an ASF slack with an active metron channel, please email > dev@metron.apache.org and request an invite” > -- Jon

Re: [DISCUSS] Getting to a 1.0 release

2018-08-27 Thread zeo...@gmail.com
> >> > “Look, it is going to have a security vault type thing, it > is > > on > > > > the > > > > > > >> roadmap”. > > > > > > >> > > > > > > >

Re: [ANNOUNCE] - Apache Metron Slack channel

2018-08-27 Thread zeo...@gmail.com
Invite sent. Jon On Mon, Aug 27, 2018, 02:45 Ali Nazemian wrote: > Can I be invited as well? > > On Thu, Aug 16, 2018 at 4:37 AM Otto Fowler > wrote: > > > Done > > > > > > On August 15, 2018 at 14:22:45, Vets, Laurens (laur...@daemon.be) wrote: > > > > Could I be invited? > > > > On

Re: Need a slack invite

2018-08-27 Thread zeo...@gmail.com
Invite sent. Jon On Mon, Aug 27, 2018, 03:36 Karthik D B wrote: > Hi Team, > I’m a non-ASF committers, I Would like to join the Metron Slack Channel. > pls. Send an invite. > Thanks, > Karthik DB -- Jon

[DISCUSS] Getting to a 1.0 release

2018-08-15 Thread zeo...@gmail.com
So, as has been discussed in a few other recent

Re: [DISCUSS] Metron Release 0.6.0?

2018-08-15 Thread zeo...@gmail.com
I agree - I would love to see a release not long after the PCAP FB gets into master, and 0.6.0 makes sense to me. I'd also like to see a 0.2 release of metron-bro-plugin-kafka. There is one new commit, and I have a PR open which is waiting on some tests before it's ready to be evaluated/merged.

Re: Knox SSO feature branch PRs: a quick demo

2018-08-02 Thread zeo...@gmail.com
Nice run through Simon that was very helpful for me to catch up on the work you've been doing. Appreciate the focus on this too, when talking to others about Metron I have heard a few times that they were interested in features that it seems we will soon have. Hopefully I'll have a chance to

Re: Bro plugin release process docs?

2018-05-28 Thread zeo...@gmail.com
I did a bit of poking around and I don't believe we ever formally wrote that down. The last release happened as a combination of actions from mattf and myself (mostly mattf). The plugin has two new commits since the last release (1 bugfix 1 feature) - if we want to couple version 0.2 of the

Re: [VOTE] Metron Release Candidate 0.5.0-RC1

2018-05-27 Thread zeo...@gmail.com
We did discuss doing a release since there were two new commits, but I don't think it was included in this round. Jon On Sat, May 26, 2018, 10:22 Otto Fowler wrote: > Is there a BRO RC # for this? > > > On May 25, 2018 at 14:53:25, Nick Allen (n...@nickallen.org)

Re: [DISCUSS] Pcap panel architecture

2018-05-10 Thread zeo...@gmail.com
At the very least there needs to be the ability to share downloaded PCAPs with other users and/or have roles that can see all pcaps. A platform engineer may want to clean up old pcaps after x time, or a manager may ask an analyst to find all of the traffic that exhibits xyz behavior, dump a pcap,

Re: [DISCUSS] Release?

2018-05-10 Thread zeo...@gmail.com
; > > > On Wed, May 9, 2018 at 12:13 PM, Michael Miklavcic < > > > michael.miklav...@gmail.com> wrote: > > > > > > > I'm also a +1 on 0.5.0. This is a fairly big release. > > > > > > > > On Wed, May 9, 2018 at 12:05 PM,

Re: [DISCUSS] Pcap UI user requirements

2018-05-09 Thread zeo...@gmail.com
> BPF implementation? Also, keep in mind that our query mechanism is a map > and a reduce job, so any filtering system which depends on state (e.g. > previous packets by time) is going to trigger another architecture. > > On Mon, May 7, 2018 at 4:05 PM zeo...@gmail.com <zeo...@g

Re: [DISCUSS] Pcap UI user requirements

2018-05-09 Thread zeo...@gmail.com
CEPTED, RUNNING, FINISHED, FAILED, KILLED" > > Same goes for MR job commands: > > https://hadoop.apache.org/docs/stable/hadoop-mapreduce-client/hadoop-mapreduce-client-core/MapredCommands.html#job > > Mike > > On Mon, May 7, 2018 at 2:04 PM, zeo...@gmail.com <z

Re: [DISCUSS] Release?

2018-05-09 Thread zeo...@gmail.com
n <n...@nickallen.org> wrote: > > > >> +1 to 0.5.0 > >> > >> On Wed, May 9, 2018 at 1:36 PM, zeo...@gmail.com <zeo...@gmail.com> > >> wrote: > >> > >> > I agree that it's probably time (more likely, overdue) for a re

Re: [DISCUSS] Release?

2018-05-09 Thread zeo...@gmail.com
o METRON-939: Upgrade ElasticSearch and Kibana (mmiklavc via > mmiklavc) closes apache/metron#840 > > > https://lists.apache.org/thread.html/01fb18dd0ee10845588c0c1a4b3f2f36d7a107c66edd2247f61756c1@%3Cdev.metron.apache.org%3E > > On Wed, May 9, 2018 at 11:18 AM, zeo...@gmail.com <

Re: [DISCUSS] Pcap panel architecture

2018-05-09 Thread zeo...@gmail.com
This looks really great and gets me excited to maybe revisit some old conversations about PCAP capture in Metron. The only thing that I think it's missing is the ability to filter using bpf. I think the same thing can technically be accomplished by using packet_filter and I wouldn't throw a fit

Re: [DISCUSS] Release?

2018-05-09 Thread zeo...@gmail.com
We should also mention the Upgrade of ElasticSearch and Kibana Jon On Wed, May 9, 2018 at 12:49 PM Nick Allen wrote: > Oh, and also the Solr work that is currently in a feature branch. We would > have to get the work finished up and merged though. Sounds like we are >

Re: [DISCUSS] Pcap UI user requirements

2018-05-07 Thread zeo...@gmail.com
From my perspective PCAP is primarily used as a follow-on to an alert or meta-alert - people very rarely use PCAP for initial hunting. I know this has been brought up by Otto, Mike, and Ryan across the two related threads and I think it's all spot on. Going from an alert or meta-alert to

Re: [VOTE] Development Guidelines Addendum on Inactive Pull Requests

2018-04-20 Thread zeo...@gmail.com
+1 (non-binding) On Fri, Apr 20, 2018 at 9:42 AM Michel Sumbul wrote: > +1 > > 2018-04-20 14:40 GMT+01:00 Otto Fowler : > > > +1 > > > > > > On April 20, 2018 at 09:30:30, Nick Allen (n...@nickallen.org) wrote: > > > > I am proposing the

Re: GeoLite deprecating legacy DBs

2018-04-13 Thread zeo...@gmail.com
something Jon, or are you referring to the old geo > enrichment? > > > > Simon > > > > > > > On 13 Apr 2018, at 10:27, zeo...@gmail.com <zeo...@gmail.com> wrote: > > > > > > Looks like we will need to update the Geo DBs that we use for > enr

GeoLite deprecating legacy DBs

2018-04-13 Thread zeo...@gmail.com
Looks like we will need to update the Geo DBs that we use for enrichment. Updated versions of the GeoLite Legacy databases are now only available to redistribution license customers, although anyone can continue to download the March 2018 GeoLite Legacy builds. Starting January 2, 2019, the last

Re: Secure code analysis

2018-03-28 Thread zeo...@gmail.com
en reviewing the output of the > tool > > over a period of time. > > > > Thanks, Jon > > > > > > On Dec 23, 2017 8:32 PM, "zeo...@gmail.com" <zeo...@gmail.com> wrote: > > > > Sure, not a problem. > > > > (1) I went to an eve

Re: [DISCUSS] Generic Syslog Parsing capability for parsers

2018-03-20 Thread zeo...@gmail.com
So I've kept my ear to the ground regarding this topic for a while now, and had some conversations a year or so ago about the idea as well. At the very least, I think having the concept of a pre-parser is a good one, if not chaining an arbitrary number of parsers together. I see this as an

Re: [DISCUSS] Split Elasticsearch and Kibana into separate MPack from Metron

2018-02-21 Thread zeo...@gmail.com
I agree, the first approach makes the most sense to me. Jon On Wed, Feb 21, 2018 at 11:45 AM Nick Allen wrote: > +1 to the first approach, as you've laid it out. That makes the most sense > to me. We need a way to rev the version of the ES Mpack independent of the > ES

Re: metron-bro-plugin kafka

2018-02-13 Thread zeo...@gmail.com
> > Thanks, > Bharath > On Tue, Feb 13, 2018, 4:15 PM zeo...@gmail.com <zeo...@gmail.com> wrote: > > > Try > > > > redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, Conn::LOG, DPD::LOG, > > FTP::LOG, Files::LOG, Known::CERTS_LOG, SMTP::LOG, SSL::LOG, Weird

Re: metron-bro-plugin kafka

2018-02-13 Thread zeo...@gmail.com
Try redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, Conn::LOG, DPD::LOG, FTP::LOG, Files::LOG, Known::CERTS_LOG, SMTP::LOG, SSL::LOG, Weird::LOG, Notice::LOG, DHCP::LOG, SSH::LOG, Software::LOG, RADIUS::LOG, X509::LOG, Known::DEVICES_LOG, RFB::LOG, Stats::LOG, CaptureLoss::LOG, SIP::LOG);

DataWorks Summit San Jose

2018-02-07 Thread zeo...@gmail.com
Hi All, Just a heads up that *the San Jose DataWorks Summit's call for papers is coming to a close soon *(February 9th, in 2 days!). If you are doing anything cool with open source big data and security that you want to talk about, please submit to the Cyber Security track. I'm hoping to attend

Re: [DISCUSS] Profiler Enhancement

2018-02-07 Thread zeo...@gmail.com
Scenario 2 is one that I'm specifically interested in, I have that exact use case right now. I can see Scenario 1 being useful in the future as well. I'm also interested in a conversation along the lines of what Otto brought up (i.e. I would like to re-ingest data to redo parsing, enrichments,

[REQUEST] Add Ian as an Assignee in JIRA

2018-01-29 Thread zeo...@gmail.com
Can someone add Ian Abreu as a potential assignee on JIRA? He has a PR open against his ticket in the bro plugin repo. Thanks, Jon -- Jon

Re: Metron User Community Meeting Call

2018-01-25 Thread zeo...@gmail.com
Thanks Otto, I'm in to attend at that time/place. Jon On Thu, Jan 25, 2018, 14:45 Otto Fowler wrote: > I would like to propose a Metron user community meeting. I propose that we > set the meeting next week, and will throw out Wednesday, January 31st at > 09:30AM PST,

Re: [DISCUSS] Update Metron Elasticsearch index names to metron_

2018-01-24 Thread zeo...@gmail.com
I agree with having a metron_ prefix for ES indexes, and the timing. Jon On Wed, Jan 24, 2018 at 3:20 PM Michael Miklavcic < michael.miklav...@gmail.com> wrote: > With the completion of https://github.com/apache/metron/pull/840 > (METRON-939: Upgrade ElasticSearch and Kibana), we have the

Re: [DISCUSS] Time to remove github updates from dev?

2018-01-19 Thread zeo...@gmail.com
I would give that +1 as well. Jon On Fri, Jan 19, 2018 at 3:32 PM Casey Stella wrote: > I could get behind that. > > On Fri, Jan 19, 2018 at 3:31 PM, Andre wrote: > > > Folks, > > > > May I suggest Metron follows the NiFi mailing list strategy (we

Re: Anand is a new Committer!

2018-01-11 Thread zeo...@gmail.com
Welcome aboard, Anand! Congrats Jon On Thu, Jan 11, 2018 at 10:41 AM Otto Fowler wrote: > Congratulations and welcome Anand! > > > On January 11, 2018 at 09:29:24, Casey Stella (ceste...@gmail.com) wrote: > > The Project Management Committee (PMC) for Apache Metron

Re: Secure code analysis

2017-12-23 Thread zeo...@gmail.com
master and/or previous releases to Veracode to see if we > get actionable results? > > > > > > On Thu, Dec 21, 2017 at 10:48 AM, zeo...@gmail.com <zeo...@gmail.com> > wrote: > > > Just following up on this conversation again - > > > > I have discussed this ad-

Re: Secure code analysis

2017-12-21 Thread zeo...@gmail.com
That would be great. I can work with them > > 15.12.2016, 18:38, "zeo...@gmail.com" <zeo...@gmail.com>: > > I recently discussed this topic with Veracode regarding the metron > project > > and they mentioned there may be interest in providing free services,

Re: [DISCUSS] Resources for how to contribute to Apache Metron

2017-12-20 Thread zeo...@gmail.com
For nearly everybody I've talked to about this project that had complaints, I've heard something about the significant barrier to entry, divided into two general categories. Category 1 is that a lot of security teams lack substantial experience with Hadoop and would like to get a better

Re: [DISCUSS] Stellar in a Zeppelin Notebook

2017-12-20 Thread zeo...@gmail.com
This is some awesome work, I'm looking forward to being able to play with it. Jon On Tue, Dec 19, 2017 at 1:12 PM Nick Allen wrote: > Yes, I definitely want auto-complete also. > > I am factoring out some of the logic you did for auto-complete in the REPL > in hopes of

Re: [DISCUSS] Lowering the barrier to entry to for new users

2017-12-20 Thread zeo...@gmail.com
I agree we should streamline #2 and lower the bar, and we can readdress if we are getting PRs that don't follow the contributing guidelines. We should also make a contributing.md as not everybody knows about the wiki. For #3, I think the scripts that Nick, Otto, and others have written for

Re: [VOTE] Metron Release Candidate 0.4.2-RC2

2017-12-19 Thread zeo...@gmail.com
+1 (non-binding), also validated using Otto's script (super good work). Downloaded, validated checksums/sigs, built, ran tests, spun up full-dev, did some basic poking around. Jon On Tue, Dec 19, 2017 at 2:45 PM Nick Allen wrote: > +1 I validated using Otto's great
