[GitHub] metron pull request #844: METRON-1088: Upgrade bro to 2.5.2

2017-11-20 Thread JonZeolla
Github user JonZeolla commented on a diff in the pull request: https://github.com/apache/metron/pull/844#discussion_r152067166 --- Diff: metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/bro/BasicBroParserTest.java --- @@ -1133,6 +1133,233 @@ public void

[GitHub] metron pull request #845: METRON-1321 Metaalert Threat Score Type Does Not M...

2017-11-20 Thread nickwallen
Github user nickwallen commented on a diff in the pull request: https://github.com/apache/metron/pull/845#discussion_r152077236 --- Diff: metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java --- @@ -614,8 +625,15 @@

[GitHub] metron issue #844: METRON-1088: Upgrade bro to 2.5.2

2017-11-20 Thread ottobackwards
Github user ottobackwards commented on the issue: https://github.com/apache/metron/pull/844 The documentation in the template is nice. After 777, when each parser has a readme, this documentation of the index fields should be in the bro readme. ---

[GitHub] metron issue #844: METRON-1088: Upgrade bro to 2.5.2

2017-11-20 Thread JonZeolla
Github user JonZeolla commented on the issue: https://github.com/apache/metron/pull/844 Thanks @ottobackwards While I feel like the ES template documentation is good enough for now, I really want to investigate something cleaner, probably via 777 but also potentially by

[GitHub] metron pull request #845: METRON-1321 Metaalert Threat Score Type Does Not M...

2017-11-20 Thread justinleet
Github user justinleet commented on a diff in the pull request: https://github.com/apache/metron/pull/845#discussion_r152075990 --- Diff: metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java --- @@ -614,8 +625,15 @@

[GitHub] metron issue #845: METRON-1321 Metaalert Threat Score Type Does Not Match Se...

2017-11-20 Thread nickwallen
Github user nickwallen commented on the issue: https://github.com/apache/metron/pull/845 I am still testing this in Full Dev. Will respond once I verify this completely. ---

[GitHub] metron issue #844: METRON-1088: Upgrade bro to 2.5.2

2017-11-20 Thread ottobackwards
Github user ottobackwards commented on the issue: https://github.com/apache/metron/pull/844 Documentation that cannot be found doesn't exist, people who aren't devs aren't going to look in the deployment code ---

[GitHub] metron-bro-plugin-kafka pull request #2: DO NOT MERGE METRON-1304: Allow met...

2017-11-20 Thread JonZeolla
Github user JonZeolla commented on a diff in the pull request: https://github.com/apache/metron-bro-plugin-kafka/pull/2#discussion_r152075056 --- Diff: scripts/Bro/Kafka/logs-to-kafka.bro --- @@ -14,32 +14,37 @@ # See the License for the specific language governing

[GitHub] metron pull request #845: METRON-1321 Metaalert Threat Score Type Does Not M...

2017-11-20 Thread nickwallen
GitHub user nickwallen opened a pull request: https://github.com/apache/metron/pull/845 METRON-1321 Metaalert Threat Score Type Does Not Match Sensor Indices After creating Metaalerts in the Alerts UI, I am unable to sort by threat triage score. The exception that is logged is

[GitHub] metron issue #844: METRON-1088: Upgrade bro to 2.5.2

2017-11-20 Thread ottobackwards
Github user ottobackwards commented on the issue: https://github.com/apache/metron/pull/844 I am +1 pending travis. Reviewed code. Ran build and tests (after fix*). Followed test instructions. Great work @JonZeolla ---

[GitHub] metron pull request #845: METRON-1321 Metaalert Threat Score Type Does Not M...

2017-11-20 Thread ottobackwards
Github user ottobackwards commented on a diff in the pull request: https://github.com/apache/metron/pull/845#discussion_r152069979 --- Diff: metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java --- @@ -614,8 +625,15

[GitHub] metron issue #845: METRON-1321 Metaalert Threat Score Type Does Not Match Se...

2017-11-20 Thread justinleet
Github user justinleet commented on the issue: https://github.com/apache/metron/pull/845 Could we also add the threat score to the metaalert template, to match the other templates? ---
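
Added example, not part of this thread or of the Metron code base: a small offline check that flags a field whose Elasticsearch mapping type differs between index templates, or that a required field is missing from one template, which is the kind of inconsistency behind the sort failure reported for METRON-1321 and the request above to add the threat score to the metaalert template. The three templates, their doc-type names and the field names are constructed for illustration; the only thing assumed about the deployment is that each sensor index and the metaalert index carry their own template, so a practitioner would load real templates from the `_template` API output instead of the inline sample.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of Elasticsearch 5.x index templates.
# Template, doc-type and field names are illustrative (assumed), not the
# project's real templates. The metaalert template deliberately carries a
# different type for the score field and lacks ip_src_addr at top level.
SAMPLE_TEMPLATES = {
    "bro_index": {
        "template": "bro_index*",
        "mappings": {"bro_doc": {"properties": {
            "timestamp": {"type": "date"},
            "threat:triage:score": {"type": "float"},
            "ip_src_addr": {"type": "ip"},
        }}},
    },
    "snort_index": {
        "template": "snort_index*",
        "mappings": {"snort_doc": {"properties": {
            "timestamp": {"type": "date"},
            "threat:triage:score": {"type": "float"},
            "ip_src_addr": {"type": "ip"},
        }}},
    },
    "metaalert_index": {
        "template": "metaalert_index*",
        "mappings": {"metaalert_doc": {"properties": {
            "timestamp": {"type": "date"},
            "threat:triage:score": {"type": "long"},   # mismatch vs. sensors
            "alert": {"type": "nested", "properties": {
                "ip_src_addr": {"type": "ip"},
            }},
        }}},
    },
}


def flatten_properties(props, prefix=""):
    """Yield (dotted_field_path, type) for every field in a mapping,
    descending into object/nested containers."""
    for name, spec in props.items():
        path = f"{prefix}{name}"
        if "properties" in spec:
            # containers (object/nested) may declare a type of their own
            if "type" in spec:
                yield path, spec["type"]
            yield from flatten_properties(spec["properties"], path + ".")
        else:
            # a field without an explicit type is an object in ES
            yield path, spec.get("type", "object")


def field_types(template):
    """Map field path -> mapping type for one template, across its doc types."""
    out = {}
    for doc_type in template.get("mappings", {}).values():
        for path, typ in flatten_properties(doc_type.get("properties", {})):
            out[path] = typ
    return out


def mapping_conflicts(templates, required_fields=()):
    """Return {field: {template_name: type_or_None}} for every field whose
    type is not identical in all templates that define it, plus every
    required field that some template does not define at all."""
    per_template = {name: field_types(t) for name, t in templates.items()}
    all_fields = set().union(*per_template.values()) | set(required_fields)
    conflicts = {}
    for field in sorted(all_fields):
        seen = {name: ft.get(field) for name, ft in per_template.items()}
        present = {t for t in seen.values() if t is not None}
        missing_required = field in required_fields and None in seen.values()
        if len(present) > 1 or missing_required:
            conflicts[field] = seen
    return conflicts


if __name__ == "__main__":
    # Report fields that would break a cross-index sort or search.
    report = mapping_conflicts(SAMPLE_TEMPLATES,
                               required_fields=("threat:triage:score",))
    print(json.dumps(report, indent=2))
```

Run against live templates by replacing the sample with the JSON returned by GET `_template` (each key is a template name); a field listed in the report must be given one type in every template before a sort on it across indices can be expected to work.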

[GitHub] metron issue #844: METRON-1088: Upgrade bro to 2.5.2

2017-11-20 Thread JonZeolla
Github user JonZeolla commented on the issue: https://github.com/apache/metron/pull/844 [METRON-1322](https://issues.apache.org/jira/browse/METRON-1322) for your PCAP feature request. Also, I totally agree with your documentation notes. Cleaning this up has been on my to-do

[GitHub] metron issue #803: Metron-1252: Build ui for grouping alerts into meta alert...

2017-11-20 Thread justinleet
Github user justinleet commented on the issue: https://github.com/apache/metron/pull/803 @iraghumitra looks like the new API isn't being used quite right. Sample from the dev tools ``` { "alerts": [ { "guid":

[GitHub] metron issue #844: METRON-1088: Upgrade bro to 2.5.2

2017-11-20 Thread ottobackwards
Github user ottobackwards commented on the issue: https://github.com/apache/metron/pull/844 Is there some way to document these PCAPS? Could we have a script that does what you do here just checked in? I think this would be useful. ---

[GitHub] metron pull request #844: METRON-1088: Upgrade bro to 2.5.2

2017-11-20 Thread ottobackwards
Github user ottobackwards commented on a diff in the pull request: https://github.com/apache/metron/pull/844#discussion_r152052808 --- Diff: metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/bro/BasicBroParserTest.java --- @@ -1133,6 +1133,233 @@ public void

[GitHub] metron issue #803: Metron-1252: Build ui for grouping alerts into meta alert...

2017-11-20 Thread merrimanr
Github user merrimanr commented on the issue: https://github.com/apache/metron/pull/803 I've verified the bug reported by Justin happens when you create a meta alert from a group that is nested by more than 1 level. Creating a meta alert from a top level group works. ---

[GitHub] metron issue #844: METRON-1088: Upgrade bro to 2.5.2

2017-11-20 Thread ottobackwards
Github user ottobackwards commented on the issue: https://github.com/apache/metron/pull/844 Ran tests as described, everything worked according to steps. ---

[GitHub] metron issue #844: METRON-1088: Upgrade bro to 2.5.2

2017-11-20 Thread ottobackwards
Github user ottobackwards commented on the issue: https://github.com/apache/metron/pull/844 That is fine. We should surface them regardless at some point. Burying them in the deployment is not ideal. How they index is an important part of any parser's base functionality. ---

[GitHub] metron issue #803: Metron-1252: Build ui for grouping alerts into meta alert...

2017-11-20 Thread nickwallen
Github user nickwallen commented on the issue: https://github.com/apache/metron/pull/803 That's weird @justinleet . The create request is working for me. I'll mess with it some more and try to replicate what you are seeing. I am seeing a separate issue on the REST UI side.

[GitHub] metron issue #845: METRON-1321 Metaalert Threat Score Type Does Not Match Se...

2017-11-20 Thread justinleet
Github user justinleet commented on the issue: https://github.com/apache/metron/pull/845 +1 by inspection, assuming @ottobackwards is good. Thanks for expanding the comments out, it's definitely helpful. ---

[GitHub] metron pull request #845: METRON-1321 Metaalert Threat Score Type Does Not M...

2017-11-20 Thread asfgit
Github user asfgit closed the pull request at: https://github.com/apache/metron/pull/845 ---

[GitHub] metron issue #845: METRON-1321 Metaalert Threat Score Type Does Not Match Se...

2017-11-20 Thread ottobackwards
Github user ottobackwards commented on the issue: https://github.com/apache/metron/pull/845 +1 ---

[GitHub] metron issue #803: Metron-1252: Build ui for grouping alerts into meta alert...

2017-11-20 Thread iraghumitra
Github user iraghumitra commented on the issue: https://github.com/apache/metron/pull/803 @justinleet my bad. The search query to fetch all the alerts in a group was returning a nested object since I was passing 'source: type' twice in the fields. I don't know why I was getting a

[GitHub] metron pull request #845: METRON-1321 Metaalert Threat Score Type Does Not M...

2017-11-20 Thread nickwallen
Github user nickwallen commented on a diff in the pull request: https://github.com/apache/metron/pull/845#discussion_r152083195 --- Diff: metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java --- @@ -614,8 +625,15 @@

[GitHub] metron issue #845: METRON-1321 Metaalert Threat Score Type Does Not Match Se...

2017-11-20 Thread nickwallen
Github user nickwallen commented on the issue: https://github.com/apache/metron/pull/845 I ran this up according to my testing instructions and it addresses the problem. Please take a look-see. ---

[GitHub] metron-bro-plugin-kafka pull request #2: DO NOT MERGE METRON-1304: Allow met...

2017-11-20 Thread JonZeolla
Github user JonZeolla commented on a diff in the pull request: https://github.com/apache/metron-bro-plugin-kafka/pull/2#discussion_r152085762 --- Diff: scripts/Bro/Kafka/logs-to-kafka.bro --- @@ -14,32 +14,37 @@ # See the License for the specific language governing

[GitHub] metron pull request #845: METRON-1321 Metaalert Threat Score Type Does Not M...

2017-11-20 Thread ottobackwards
Github user ottobackwards commented on a diff in the pull request: https://github.com/apache/metron/pull/845#discussion_r152081656 --- Diff: metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java --- @@ -614,8 +625,15

[GitHub] metron issue #814: METRON-1277 Add match statement to Stellar language

2017-11-20 Thread ottobackwards
Github user ottobackwards commented on the issue: https://github.com/apache/metron/pull/814 Bump? ---

[GitHub] metron issue #844: METRON-1088: Upgrade bro to 2.5.2

2017-11-20 Thread JonZeolla
Github user JonZeolla commented on the issue: https://github.com/apache/metron/pull/844 Okay, so I spun up master, pushed my template via `curl`, and then ran the above commands to confirm backward compatibility with the template on bro 2.4.x. The only change to my steps that I had

[GitHub] metron issue #841: METRON-1316 Fastcapa Fails to Compile in Test Environment

2017-11-20 Thread ottobackwards
Github user ottobackwards commented on the issue: https://github.com/apache/metron/pull/841 +1, ship it ---

[GitHub] metron issue #841: METRON-1316 Fastcapa Fails to Compile in Test Environment

2017-11-20 Thread anandsubbu
Github user anandsubbu commented on the issue: https://github.com/apache/metron/pull/841 Hi @nickwallen > I am not sure exactly what the problem is, but the same condition occurs in master. I would call this a pre-existing condition that we can handle with a separate PR.

[GitHub] metron issue #844: METRON-1088: Upgrade bro to 2.5.2

2017-11-20 Thread JonZeolla
Github user JonZeolla commented on the issue: https://github.com/apache/metron/pull/844 There is no requirement to upgrade bro with this change. All old fields and logs are still supported, this simply adds support for the new fields in existing logs or new logs altogether to be

[GitHub] metron issue #844: METRON-1088: Upgrade bro to 2.5.2

2017-11-20 Thread ottobackwards
Github user ottobackwards commented on the issue: https://github.com/apache/metron/pull/844 Are there any consequences for users with external, existing and older bro installations? Will they have to upgrade bro if they take this build? ---

[GitHub] metron issue #803: Metron-1252: Build ui for grouping alerts into meta alert...

2017-11-20 Thread nickwallen
Github user nickwallen commented on the issue: https://github.com/apache/metron/pull/803 @iraghumitra I see that you merged some changes. Is this ready to test? ---

[GitHub] metron issue #844: METRON-1088: Upgrade bro to 2.5.2

2017-11-20 Thread JonZeolla
Github user JonZeolla commented on the issue: https://github.com/apache/metron/pull/844 I'm going to see if I can find some time today to fix the tests, but this is ready for review otherwise. Full-dev worked as expected for me. ---

[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-11-20 Thread iraghumitra
Github user iraghumitra commented on a diff in the pull request: https://github.com/apache/metron/pull/803#discussion_r151964471 --- Diff: metron-interface/metron-alerts/src/app/alerts/alert-details/alert-details.component.scss --- @@ -143,3 +167,12 @@ textarea {

[GitHub] metron issue #803: Metron-1252: Build ui for grouping alerts into meta alert...

2017-11-20 Thread iraghumitra
Github user iraghumitra commented on the issue: https://github.com/apache/metron/pull/803 Merged the PR with master and used new API's for creating meta-alerts. Please feel free to review and let me know the feedback. ---