[GitHub] incubator-metron pull request #450: METRON-690: Create a DSL-based timestamp...

2017-02-09 Thread cestella
GitHub user cestella opened a pull request: https://github.com/apache/incubator-metron/pull/450 METRON-690: Create a DSL-based timestamp lookup for profiler to enable sparse windows Creating a small DSL to allow specifying profiles from windows of time that may: * repeat

[GitHub] incubator-metron pull request #438: METRON-686 Record Rule Set that Fired Du...

2017-02-09 Thread nickwallen
Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/438#discussion_r100442785 --- Diff: metron-platform/metron-enrichment/src/main/java/org/apache/metron/threatintel/triage/ThreatTriageProcessor.java --- @@ -52,15 +74,36

[GitHub] incubator-metron issue #447: METRON-708: Update metron documentation

2017-02-09 Thread JonZeolla
Github user JonZeolla commented on the issue: https://github.com/apache/incubator-metron/pull/447 Would anybody be willing to update [this

[GitHub] incubator-metron issue #448: Rev MPack Version to 0.3.1.0

2017-02-09 Thread justinleet
Github user justinleet commented on the issue: https://github.com/apache/incubator-metron/pull/448 Went through the Ambari steps to the point where install started running. Version numbers look good throughout. --- If your project is set up for it, you can reply to this email and have

[GitHub] incubator-metron pull request #449: METRON-701 Triage Metrics Produced by th...

2017-02-09 Thread nickwallen
Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/449#discussion_r100408667 --- Diff: metron-analytics/metron-profiler/src/main/java/org/apache/metron/profiler/bolt/KafkaDestinationHandler.java --- @@ -0,0 +1,78 @@

[GitHub] incubator-metron issue #438: METRON-686 Record Rule Set that Fired During Th...

2017-02-09 Thread justinleet
Github user justinleet commented on the issue: https://github.com/apache/incubator-metron/pull/438 After talking with Casey, it's an issue with StellarShell, not this PR. I'll make a ticket and get it done. So feel free to ignore this issue, @nickwallen

[GitHub] incubator-metron issue #438: METRON-686 Record Rule Set that Fired During Th...

2017-02-09 Thread justinleet
Github user justinleet commented on the issue: https://github.com/apache/incubator-metron/pull/438 Seems like THREAT_TRIAGE_REMOVE just behaves really badly ``` [Stellar]>>> conf := THREAT_TRIAGE_ADD(conf, [triage]) [Stellar]>>> conf := THREAT_TRIAGE_REMOVE(conf,

[GitHub] incubator-metron pull request #449: METRON-701 Triage Metrics Produced by th...

2017-02-09 Thread nickwallen
GitHub user nickwallen opened a pull request: https://github.com/apache/incubator-metron/pull/449 METRON-701 Triage Metrics Produced by the Profiler ## [METRON-701](https://issues.apache.org/jira/browse/METRON-701) Please do not merge. I am looking for feedback on this

[GitHub] incubator-metron pull request #448: Rev MPack Version to 0.3.1.0

2017-02-09 Thread justinleet
GitHub user justinleet opened a pull request: https://github.com/apache/incubator-metron/pull/448 Rev MPack Version to 0.3.1.0 Updating the version number in the mpack stuff (nothing automated, just manually changed it). Built a new version of the mpack locally, and it has

[GitHub] incubator-metron issue #438: METRON-686 Record Rule Set that Fired During Th...

2017-02-09 Thread justinleet
Github user justinleet commented on the issue: https://github.com/apache/incubator-metron/pull/438 I saw some odd behavior I think is unrelated to this PR itself while testing. I tried to remove the threat triage rule, messed up, fixed it, and then borked my conf variable.

Re: Rev additional metron components?

2017-02-09 Thread David Lyle
Yup Matt. I can most definitively state that Ambari Upgrade is not currently supported. Yet. :) -D... On Thu, Feb 9, 2017 at 3:12 PM, Justin Leet wrote: > Jira is https://issues.apache.org/jira/browse/METRON-710. > > Justin > > On Thu, Feb 9, 2017 at 2:58 PM, Matt Foley

Re: Rev additional metron components?

2017-02-09 Thread Justin Leet
Jira is https://issues.apache.org/jira/browse/METRON-710. Justin On Thu, Feb 9, 2017 at 2:58 PM, Matt Foley wrote: > The only reason not to go “backwards” is if someone is going to try to use > Ambari Upgrade to move from the 0.3.0 Mpack to this one. > > I THINK it’s unlikely

Re: Rev additional metron components?

2017-02-09 Thread Matt Foley
The only reason not to go “backwards” is if someone is going to try to use Ambari Upgrade to move from the 0.3.0 Mpack to this one. I THINK it’s unlikely this is a concern, so I’m okay with 0.3.1.0, but I would change my opinion if someone says a real-world user in the field will want to use

Re: Rev additional metron components?

2017-02-09 Thread Justin Leet
I'm good with 0.3.1.0 too, so I'll go ahead and spin up a ticket and make that change. Justin On Thu, Feb 9, 2017 at 2:53 PM, David Lyle wrote: > I'm good with 0.3.1.0. > > -D... > > On Thu, Feb 9, 2017 at 2:36 PM, zeo...@gmail.com wrote: > > > I agree

Re: [VOTE] Releasing Apache Metron (incubating) 0.3.1-RC3

2017-02-09 Thread zeo...@gmail.com
-1 (non-binding) due to mpack revision number On Thu, Feb 9, 2017, 2:42 PM Casey Stella wrote: > -1, we didn't rev the mpack. Discussion going on currently as to what > version it should be and Justin volunteered to do the work. I vote we wait > for that and cut another

[GitHub] incubator-metron issue #445: METRON-706: Add Stellar transformations and fil...

2017-02-09 Thread mmiklavc
Github user mmiklavc commented on the issue: https://github.com/apache/incubator-metron/pull/445 Adding these timing notes about the import for reference: **No filter, local load, multiple threads (5), batch 128** real 10m22.127s user 11m11.873s sys

Re: Rev additional metron components?

2017-02-09 Thread David Lyle
I'm good with 0.3.1.0. -D... On Thu, Feb 9, 2017 at 2:36 PM, zeo...@gmail.com wrote: > I agree with Casey regarding the version itself, but I'd be fine with > something else if someone else has a convincing argument. > > Jon > > On Thu, Feb 9, 2017 at 2:12 PM Justin Leet

[GitHub] incubator-metron pull request #438: METRON-686 Record Rule Set that Fired Du...

2017-02-09 Thread justinleet
Github user justinleet commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/438#discussion_r100395910 --- Diff: metron-platform/metron-enrichment/src/main/java/org/apache/metron/threatintel/triage/ThreatTriageProcessor.java --- @@ -52,15 +74,36

Re: [VOTE] Releasing Apache Metron (incubating) 0.3.1-RC3

2017-02-09 Thread Casey Stella
-1, we didn't rev the mpack. Discussion going on currently as to what version it should be and Justin volunteered to do the work. I vote we wait for that and cut another RC. On Thu, Feb 9, 2017 at 9:23 AM, Casey Stella wrote: > This is a call to vote on releasing Apache

Re: Rev additional metron components?

2017-02-09 Thread zeo...@gmail.com
I agree with Casey regarding the version itself, but I'd be fine with something else if someone else has a convincing argument. Jon On Thu, Feb 9, 2017 at 2:12 PM Justin Leet wrote: I can pick this up once we have an agreement on the version number. When we agree on

Re: Rev additional metron components?

2017-02-09 Thread Justin Leet
I can pick this up once we have an agreement on the version number. When we agree on that, I'll make a Jira and rev it. Justin On Thu, Feb 9, 2017 at 2:05 PM, Casey Stella wrote: > I do agree that the MPack should be rev'd and a new RC should be cut. Is > there a way to

Re: Rev additional metron components?

2017-02-09 Thread Casey Stella
I do agree that the MPack should be rev'd and a new RC should be cut. Is there a way to name the versioning of the management pack so that it indicates the oldest version of Metron that can be installed with that version? So, in this case, maybe 0.3.1.0? Also, I'm looking for volunteers to take

Re: Rev additional metron components?

2017-02-09 Thread David Lyle
Good looking out, Jon! I would recommend against version matching it with Metron. In the future, the MPack will need to rev much less frequently than Metron, so MPack rev x.x.x.x will install Metron y.y.y+. My read on the prior release bits is that 0.3.0 is using MPack 1.0.0.0-SNAPSHOT, which is

[GitHub] incubator-metron pull request #438: METRON-686 Record Rule Set that Fired Du...

2017-02-09 Thread nickwallen
Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/438#discussion_r100379863 --- Diff: metron-platform/metron-enrichment/src/main/java/org/apache/metron/threatintel/triage/ThreatTriageProcessor.java --- @@ -52,15 +74,36

Rev additional metron components?

2017-02-09 Thread zeo...@gmail.com
So I was spinning up the 0.3.1-RC3 candidate on my bare metal cluster today and I noticed that when I generated the mpack it still had a version of 1.0.0.0. I double checked and made sure that the mpack existed in the 0.3.0 release

[GitHub] incubator-metron issue #422: METRON-670 Monit Incorrectly Reports Status

2017-02-09 Thread nickwallen
Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/422 I found myself having to manually do this all the time. I thought it might be worthwhile to put the fix in, so that at least we have a record of it working at some point in time.

[GitHub] incubator-metron issue #422: METRON-670 Monit Incorrectly Reports Status

2017-02-09 Thread justinleet
Github user justinleet commented on the issue: https://github.com/apache/incubator-metron/pull/422 @dlyle65535 I'm fine with holding off on it. I wasn't sure of the timing on that, and I have been annoyed by this issue in my own testing in the interim. @nickwallen You okay

[GitHub] incubator-metron issue #422: METRON-670 Monit Incorrectly Reports Status

2017-02-09 Thread dlyle65535
Github user dlyle65535 commented on the issue: https://github.com/apache/incubator-metron/pull/422 All of these files will go away as a result of [PR-436](https://github.com/apache/incubator-metron/pull/436). Would you guys be willing to hold off until I can get it completed and

[GitHub] incubator-metron issue #422: METRON-670 Monit Incorrectly Reports Status

2017-02-09 Thread justinleet
Github user justinleet commented on the issue: https://github.com/apache/incubator-metron/pull/422 +1, spun this up in quick dev, and it seems to work well and the UI reports the timeout on status is 60 seconds. Thanks for grabbing this.

[GitHub] incubator-metron pull request #447: METRON-708: Update metron documentation

2017-02-09 Thread JonZeolla
GitHub user JonZeolla opened a pull request: https://github.com/apache/incubator-metron/pull/447 METRON-708: Update metron documentation Primarily this was an update of table formatting and fixing or improving links in documentation. However some important content was changed, as

[VOTE] Releasing Apache Metron (incubating) 0.3.1-RC3

2017-02-09 Thread Casey Stella
This is a call to vote on releasing Apache Metron 0.3.1-RC3 incubating Full list of changes in this release: https://dist.apache.org/repos/dist/dev/incubator/metron/0.3.1-RC3-incubating/CHANGES The tag/commit to be voted upon is apache-metron-0.3.1-rc3-incubating:

[RESULT][VOTE] Releasing Apache Metron (incubating) 0.3.1-RC2

2017-02-09 Thread Casey Stella
The vote fails due to issues with the ansible deploy which have been corrected as of METRON-707. RC3 will be out momentarily. Results: +1 Nick Allen Anand Subramanian (non-binding) Casey Stella -1 James Sirota

[GitHub] incubator-metron pull request #446: METRON-707: Correct ansible to execute t...

2017-02-09 Thread asfgit
Github user asfgit closed the pull request at: https://github.com/apache/incubator-metron/pull/446

[GitHub] incubator-metron issue #445: METRON-706: Add Stellar transformations and fil...

2017-02-09 Thread cestella
Github user cestella commented on the issue: https://github.com/apache/incubator-metron/pull/445 +1 by inspection