[GitHub] metron issue #895: METRON-1394:Create Rest endpoint to add the ACL for curre...

2018-02-13 Thread MohanDV
Github user MohanDV commented on the issue:

https://github.com/apache/metron/pull/895
  
Addressed review comments to add the required ACL to the current user while 
creating a new topic using the REST endpoint. 


---


[GitHub] metron issue #891: METRON-1282 add the required ACL to current user while cr...

2018-02-13 Thread MohanDV
Github user MohanDV commented on the issue:

https://github.com/apache/metron/pull/891
  
redundant 


---


[GitHub] metron pull request #891: METRON-1282 add the required ACL to current user w...

2018-02-13 Thread MohanDV
Github user MohanDV closed the pull request at:

https://github.com/apache/metron/pull/891


---


[DISCUSS] community view/roadmap of threat intel

2018-02-13 Thread Ali Nazemian
Hi All,

I would like to understand the Metron community's view on threat intel
aggregators, as well as the roadmap for threat intelligence and threat
hunting. There are some open source options available for threat intel
aggregators, such as Minemeld, Hippocampe, etc. Is there any plan to
build that as a part of Metron in the future? Is there any specific aggregator
you think would be more aligned with the Metron roadmap?

Cheers,
Ali


Re: metron-bro-plugin kafka

2018-02-13 Thread bharath phatak
Thanks Jon. I will try this out.
Appreciate your response.

On Wed, Feb 14, 2018, 12:08 AM zeo...@gmail.com  wrote:

> Okay, great.  It's possible that you need to do something like the
> following to get known devices:
>
>  echo "redef Software::asset_tracking = ALL_HOSTS;" >> /usr/local/bro/share/bro/site/local.bro
>
> These snippets are from my testing instructions related to adding support
> for bro 2.5.2 logs (link ).
> They should find their way into the plugin README eventually.
>
> Jon
>
> On Tue, Feb 13, 2018 at 6:35 AM bharath phatak 
> wrote:
>
> > Hi Jon,
> >
> > Other than Known::DEVICES_LOG, all the rest worked.
> >
> > Thanks,
> > Bharath
> > On Tue, Feb 13, 2018, 4:15 PM zeo...@gmail.com  wrote:
> >
> > > Try
> > >
> > > redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, Conn::LOG, DPD::LOG,
> > > FTP::LOG, Files::LOG, Known::CERTS_LOG, SMTP::LOG, SSL::LOG, Weird::LOG,
> > > Notice::LOG, DHCP::LOG, SSH::LOG, Software::LOG, RADIUS::LOG, X509::LOG,
> > > Known::DEVICES_LOG, RFB::LOG, Stats::LOG, CaptureLoss::LOG, SIP::LOG);
> > >
> > > Note that you usually wouldn't want to send reporter.log, as that's where
> > > errors get sent and it could become an infinite loop.
> > >
> > > Jon
> > >
> > > On Tue, Feb 13, 2018, 05:26 bharath phatak 
> > > wrote:
> > >
> > > > Hi Team,
> > > >
> > > > Can someone help me out with the list of
> > > > redef Kafka::logs_to_send values?
> > > >
> > > > I want to push all logs generated by Bro to Kafka.
> > > >
> > > > I tried adding log file names, but Bro is crashing.
> > > >
> > > > e.g. weird::LOG, Files::LOG
> > > >
> > > > Thanks,
> > > > Bharath
> > > >
> > >
> > >
> > > --
> > >
> > > Jon
> > >
> >
> --
>
> Jon
>


Re: metron-bro-plugin kafka

2018-02-13 Thread zeo...@gmail.com
Okay, great.  It's possible that you need to do something like the
following to get known devices:

 echo "redef Software::asset_tracking = ALL_HOSTS;" >> /usr/local/bro/share/bro/site/local.bro

These snippets are from my testing instructions related to adding support
for bro 2.5.2 logs (link ).
They should find their way into the plugin README eventually.

Jon

On Tue, Feb 13, 2018 at 6:35 AM bharath phatak 
wrote:

> Hi Jon,
>
> Other than Known::DEVICES_LOG, all the rest worked.
>
> Thanks,
> Bharath
> On Tue, Feb 13, 2018, 4:15 PM zeo...@gmail.com  wrote:
>
> > Try
> >
> > redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, Conn::LOG, DPD::LOG,
> > FTP::LOG, Files::LOG, Known::CERTS_LOG, SMTP::LOG, SSL::LOG, Weird::LOG,
> > Notice::LOG, DHCP::LOG, SSH::LOG, Software::LOG, RADIUS::LOG, X509::LOG,
> > Known::DEVICES_LOG, RFB::LOG, Stats::LOG, CaptureLoss::LOG, SIP::LOG);
> >
> > Note that you usually wouldn't want to send reporter.log, as that's where
> > errors get sent and it could become an infinite loop.
> >
> > Jon
> >
> > On Tue, Feb 13, 2018, 05:26 bharath phatak 
> > wrote:
> >
> > > Hi Team,
> > >
> > > Can someone help me out with the list of
> > > redef Kafka::logs_to_send values?
> > >
> > > I want to push all logs generated by Bro to Kafka.
> > >
> > > I tried adding log file names, but Bro is crashing.
> > >
> > > e.g. weird::LOG, Files::LOG
> > >
> > > Thanks,
> > > Bharath
> > >
> >
> >
> > --
> >
> > Jon
> >
>
-- 

Jon

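Putting Jon's two snippets from this message together as one local.bro fragment, as an added example that is not from the original thread, the plugin's README or the Metron project itself. The `@load` path for the plugin, the `@load misc/known-devices` line, the topic name, the broker address and the `Kafka::kafka_conf` table are assumptions about how the plugin and Bro 2.5 are installed; check each against the README of the plugin version you actually have. Reporter::LOG is left out of the set on purpose, per the caveat Jon gives about errors feeding back into the stream.

```bro
# Added example (not from the thread). The load path below is an assumption
# about where the Metron Kafka plugin lives for your version; adjust as needed.
@load Bro/Kafka/logs-to-kafka.bro

# Assumption: in Bro 2.5 this policy script is what defines Known::DEVICES_LOG.
# @load is idempotent, so it is harmless if local.bro already pulls it in.
# If Bro still reports Known::DEVICES_LOG as unknown at startup, the script
# that defines it is not loaded before the redef below.
@load misc/known-devices

# Jon's suggestion for populating known devices: track software on all hosts,
# not only local ones.
redef Software::asset_tracking = ALL_HOSTS;

# Explicit list of streams to ship. Reporter::LOG is intentionally absent:
# it is where Bro's own errors land, so shipping it through the same producer
# that generates those errors can loop.
redef Kafka::logs_to_send = set(
    HTTP::LOG, DNS::LOG, Conn::LOG, DPD::LOG, FTP::LOG, Files::LOG,
    Known::CERTS_LOG, SMTP::LOG, SSL::LOG, Weird::LOG, Notice::LOG,
    DHCP::LOG, SSH::LOG, Software::LOG, RADIUS::LOG, X509::LOG,
    Known::DEVICES_LOG, RFB::LOG, Stats::LOG, CaptureLoss::LOG, SIP::LOG
);

# Assumed plugin options: one topic for everything, JSON records tagged with
# the originating log stream, and a placeholder broker address.
redef Kafka::topic_name = "bro";
redef Kafka::tag_json = T;
redef Kafka::kafka_conf = table(
    ["metadata.broker.list"] = "kafka-broker.example.internal:9092"
);
```

Log IDs are case-sensitive Bro identifiers (`Weird::LOG`, not `weird::LOG`), and every ID in the set must be defined by a script that is loaded before the `redef`; an unknown identifier here is a parse error at startup rather than a runtime failure, so run `broctl check` (or `bro -i <iface> local` by hand) after editing local.bro and before deploying.
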

[GitHub] metron issue #579: METRON-941 fix PaloAltoParser

2018-02-13 Thread ottobackwards
Github user ottobackwards commented on the issue:

https://github.com/apache/metron/pull/579
  
I'm +1 on this.  I would like to get comment from @simonellistonball et al 
on the change for syslog


---


[GitHub] metron issue #916: METRON-1434 - Ability to deploy Metron full dev as a sing...

2018-02-13 Thread as22323
Github user as22323 commented on the issue:

https://github.com/apache/metron/pull/916
  
Thanks. If needed here is the deployment script that worked with Metron 
0.4.1. 

https://github.com/LTW-GCR-CSOC/csoc-installation-scripts/blob/master/amazon-deploy/Metron/aws-vagrant_0.4.1/Vagrantfile


---


Re: metron-bro-plugin kafka

2018-02-13 Thread bharath phatak
Hi Jon,

Other than Known::DEVICES_LOG, all the rest worked.

Thanks,
Bharath
On Tue, Feb 13, 2018, 4:15 PM zeo...@gmail.com  wrote:

> Try
>
> redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, Conn::LOG, DPD::LOG,
> FTP::LOG, Files::LOG, Known::CERTS_LOG, SMTP::LOG, SSL::LOG, Weird::LOG,
> Notice::LOG, DHCP::LOG, SSH::LOG, Software::LOG, RADIUS::LOG, X509::LOG,
> Known::DEVICES_LOG, RFB::LOG, Stats::LOG, CaptureLoss::LOG, SIP::LOG);
>
> Note that you usually wouldn't want to send reporter.log, as that's where
> errors get sent and it could become an infinite loop.
>
> Jon
>
> On Tue, Feb 13, 2018, 05:26 bharath phatak 
> wrote:
>
> > Hi Team,
> >
> > Can someone help me out with the list of
> > redef Kafka::logs_to_send values?
> >
> > I want to push all logs generated by Bro to Kafka.
> >
> > I tried adding log file names, but Bro is crashing.
> >
> > e.g. weird::LOG, Files::LOG
> >
> > Thanks,
> > Bharath
> >
>
>
> --
>
> Jon
>


[GitHub] metron issue #936: METRON-1450:Added documentation for random access and bat...

2018-02-13 Thread MohanDV
Github user MohanDV commented on the issue:

https://github.com/apache/metron/pull/936
  
@JonZeolla are you referring to metron-platform/metron-indexing/README.md ?


---


[GitHub] metron issue #936: METRON-1450:Added documentation for random access and bat...

2018-02-13 Thread JonZeolla
Github user JonZeolla commented on the issue:

https://github.com/apache/metron/pull/936
  
Would you also mind updating the main README?


---


[GitHub] metron pull request #936: METRON-1450:Added documentation for random access ...

2018-02-13 Thread MohanDV
GitHub user MohanDV opened a pull request:

https://github.com/apache/metron/pull/936

METRON-1450:Added documentation for random access and batch indexing 
topology rest endpoints


## Contributor Comments

Added documentation for random access and batch indexing topology rest 
endpoints.

## Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.  
Please refer to our [Development 
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
 for the complete guide to follow for contributions.  
Please refer also to our [Build Verification 
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
 for complete smoke testing guides.  


In order to streamline the review of the contribution we ask you follow 
these guidelines and ask you to double check the following:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to 
be created at [Metron 
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
- [x] Does your PR title start with METRON- where  is the JIRA 
number you are trying to resolve? Pay particular attention to the hyphen "-" 
character.
- [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?


### For code changes:
- [ ] Have you included steps to reproduce the behavior or problem that is 
being changed or addressed?
- [ ] Have you included steps or a guide to how the change may be verified 
and tested manually?
- [ ] Have you ensured that the full suite of tests and checks have been 
executed in the root metron folder via:
  ```
  mvn -q clean integration-test install && 
dev-utilities/build-utils/verify_licenses.sh 
  ```

- [ ] Have you written or updated unit tests and or integration tests to 
verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] Have you verified the basic functionality of the build by building 
and running locally with Vagrant full-dev environment or the equivalent?

### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in 
which it is rendered by building and verifying the site-book? If not then run 
the following commands and the verify changes via 
`site-book/target/site/index.html`:

  ```
  cd site-book
  mvn site
  ```

 Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up 
for your personal repository such that your branches are built there before 
submitting a pull request.


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/MohanDV/metron METRON-1450

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/metron/pull/936.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #936


commit 80e9de00f41155fb55b9e48af1b41029032282d9
Author: Mohan Venkateshaiah 
Date:   2018-02-13T10:53:51Z

Added documentation for splitting the indexing topology into 
random_access_indexing and batch_indexing.




---


Re: metron-bro-plugin kafka

2018-02-13 Thread zeo...@gmail.com
Try

redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, Conn::LOG, DPD::LOG,
FTP::LOG, Files::LOG, Known::CERTS_LOG, SMTP::LOG, SSL::LOG, Weird::LOG,
Notice::LOG, DHCP::LOG, SSH::LOG, Software::LOG, RADIUS::LOG, X509::LOG,
Known::DEVICES_LOG, RFB::LOG, Stats::LOG, CaptureLoss::LOG, SIP::LOG);

Note that you usually wouldn't want to send reporter.log, as that's where
errors get sent and it could become an infinite loop.

Jon

On Tue, Feb 13, 2018, 05:26 bharath phatak  wrote:

> Hi Team,
>
> Can someone help me out with the list of
> redef Kafka::logs_to_send values?
>
> I want to push all logs generated by Bro to Kafka.
>
> I tried adding log file names, but Bro is crashing.
>
> e.g. weird::LOG, Files::LOG
>
> Thanks,
> Bharath
>


-- 

Jon


metron-bro-plugin kafka

2018-02-13 Thread bharath phatak
Hi Team,

Can someone help me out with the list of
redef Kafka::logs_to_send values?

I want to push all logs generated by Bro to Kafka.

I tried adding log file names, but Bro is crashing.

e.g. weird::LOG, Files::LOG

Thanks,
Bharath


[GitHub] metron issue #895: METRON-1394:Create Rest endpoint to add the ACL for curre...

2018-02-13 Thread MohanDV
Github user MohanDV commented on the issue:

https://github.com/apache/metron/pull/895
  
I have reopened my earlier pull request 
(https://github.com/apache/metron/pull/891) where I am adding the required 
ACLs while creating the topic, without a separate endpoint. 


---