[GitHub] incubator-metron pull request #313: METRON-500: fix assembly id

2016-10-17 Thread 2xyo
GitHub user 2xyo opened a pull request: https://github.com/apache/incubator-metron/pull/313 METRON-500: fix assembly id The build on current master fails because is empty. In previous versions of maven (before 2.2 final), leaving off the assembly id and leaving the

[GitHub] incubator-metron pull request #308: Metron-498 Grok patterns are now read fr...

2016-10-17 Thread merrimanr
Github user merrimanr commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/308#discussion_r83749245 --- Diff: metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/bolt/ParserBolt.java --- @@ -168,4 +177,12 @@ public void

[GitHub] incubator-metron pull request #276: METRON-363 Fix Cisco ASA Parser

2016-10-17 Thread kylerichardson
Github user kylerichardson commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/276#discussion_r83768223 --- Diff: metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/utils/SyslogUtils.java --- @@ -0,0 +1,125 @@ +/**

Re: new committer: Otto Fowler

2016-10-17 Thread zeo...@gmail.com
Congrats Otto! Jon On Mon, Oct 17, 2016 at 1:33 PM Casey Stella wrote: > Welcome aboard, Otto! > > On Mon, Oct 17, 2016 at 1:32 PM, David Lyle wrote: > > > Welcome Otto! > > > > -D... > > > > > > On Mon, Oct 17, 2016 at 1:31 PM, James Sirota

Re: [DISCUSS] Threat Triage Rule failure

2016-10-17 Thread zeo...@gmail.com
Can I vote for neither? I believe that is_alert is primarily intended for use by a SOC Analyst (assumed level 1) before it gets passed to a SOC Investigator, Forensic Investigator, etc., and that a message which failed a threat triage rule should instead come to the attention of the SOC Investigator

Re: [DISCUSS] Threat Triage Rule failure

2016-10-17 Thread Casey Stella
You certainly can vote for neither. :) Just for clarity, is_alert is not set by the triage code. Only messages which are alerts already are triaged. I wasn't clear in how I explained that, so sorry about that. Option 1 would just send the data through untriaged and 2 would skip the bad rule

Re: [MENTORS] Release Maturity

2016-10-17 Thread zeo...@gmail.com
That's more aggressive than I would have initially suggested, but I would be on board with that sort of a meeting. Interested to see how others feel. Jon On Mon, Oct 17, 2016 at 1:40 PM James Sirota wrote: > Fair criticism. Would you like to call a recurring meeting where

Re: [DISCUSS] Threat Triage Rule failure

2016-10-17 Thread zeo...@gmail.com
My thoughts here essentially devolve into a selfish interest in alerts separate from a SOC analyst style alert in order to facilitate notifications such as larger issues with a topology, extremely high latency for an enrichment, a drop off in certain types of sensor traffic, etc. I feel like

[GitHub] incubator-metron pull request #308: Metron-498 Grok patterns are now read fr...

2016-10-17 Thread merrimanr
Github user merrimanr commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/308#discussion_r83749198 --- Diff: metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/bolt/ParserBolt.java --- @@ -116,6 +122,9 @@ public void

[GitHub] incubator-metron pull request #312: METRON-505: Add environment variable and...

2016-10-17 Thread cestella
Github user cestella commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/312#discussion_r83660563 --- Diff: metron-platform/metron-common/src/main/java/org/apache/metron/common/dsl/functions/SystemFunctions.java --- @@ -0,0 +1,75 @@ +/**

[GitHub] incubator-metron issue #311: METRON-502 Make the ParserIntegrationTest more ...

2016-10-17 Thread cestella
Github user cestella commented on the issue: https://github.com/apache/incubator-metron/pull/311 @ottobackwards I was suggesting that `printBadResults` take a StringBuffer where what would be printed is accumulated and then passed back. Then in the individual tests, you could decide

[GitHub] incubator-metron pull request #312: METRON-505: Add environment variable and...

2016-10-17 Thread cestella
Github user cestella commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/312#discussion_r83646243 --- Diff: metron-platform/metron-common/src/main/java/org/apache/metron/common/dsl/BaseStellarFunction.java --- @@ -18,8 +18,10 @@ package

[GitHub] incubator-metron pull request #311: METRON-502 Make the ParserIntegrationTes...

2016-10-17 Thread cestella
Github user cestella commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/311#discussion_r83644949 --- Diff: metron-platform/metron-integration-test/src/main/java/org/apache/metron/integration/ProcessorResult.java --- @@ -0,0 +1,90 @@ +/**

Re: [ANNOUNCE] Metron Apache Community Demo Recording Oct14,2016

2016-10-17 Thread Kyle Richardson
Great stuff! Very useful information. Thanks for hosting. -Kyle On Sat, Oct 15, 2016 at 3:57 AM, Yohann Lepage wrote: > Hi James, > > Thanks for the recording! > > Could you please also update the "Meeting Notes" page on the wiki with > the link to the recording? > >

[GitHub] incubator-metron pull request #311: METRON-502 Make the ParserIntegrationTes...

2016-10-17 Thread cestella
Github user cestella commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/311#discussion_r83644732 --- Diff: metron-platform/metron-enrichment/src/test/java/org/apache/metron/enrichment/integration/EnrichmentIntegrationTest.java --- @@ -160,16

[GitHub] incubator-metron pull request #303: METRON-424 ability to validate ip addres...

2016-10-17 Thread asfgit
Github user asfgit closed the pull request at: https://github.com/apache/incubator-metron/pull/303

[MENTORS] Release Maturity

2016-10-17 Thread Casey Stella
Hi Everyone, I'd like to get a bit more systematic about how we release and I wanted some clarification and advice about suggested release process. The last release, we - opened up the release via an announce thread that gave people the opportunity to object and add JIRAs they felt were

[DISCUSS] Field Transformation Error States

2016-10-17 Thread Casey Stella
Hi Everyone, When we have a Field Transformation which is in error in the parser, the current behavior is to send the message in question to the error queue. I wanted to have a discussion around what the correct state of affairs for this is. The way I see it, we have one of two options: 1.

Re: [DISCUSS] Field Transformation Error States

2016-10-17 Thread Otto Fowler
1 for me. The Stellar transformations are part of creating a complete document (along with the parsing) that will be passed to other topologies for further processing. Failure on either side should be an error. This avoids inconsistency downstream and other problems. If Metron were to allow

Re: new committer: Otto Fowler

2016-10-17 Thread Otto Fowler
Thank you everyone, happy to pitch in. On October 17, 2016 at 13:31:13, James Sirota (jsir...@apache.org) wrote: The Podling Project Management Committee (PPMC) for Apache Metron (Incubating) has asked Otto Fowler to become a committer and we are pleased to announce that they have accepted.