Re: Not seeing any Metron alerts.

2017-09-25 Thread Nick Allen
And, this PR just went into master. Hopefully this will help in the future. Let me know how I can make it better. On Mon, Sep 25, 2017 at 4:54 PM, Nick Allen wrote: > Just as a side note, based on PR #733 [1], you can also simulate/debug > these types of > Threat Triage

Installation Issues

2017-09-25 Thread Syed Hammad Tahir
Hello everyone, any idea how I can resolve this? [image: Inline image 1]

Re: Installation Issues

2017-09-25 Thread Syed Hammad Tahir
Provisioning a server-grade machine is impossible at the moment. The current resources are the maximum I have to run Metron or at least just start it. On Tue, Sep 26, 2017 at 10:15 AM, Khurram Ahmed wrote: > Dear Hammad > Without getting into specifics of technical

Unable to add the hosts

2017-09-25 Thread kotipalli venkatesh
Hi All, Please help with the below error. Target host: we added nodes and imported the id_rsa file on the main node, and clicked the OK button, but the confirm host status is failed. Please give suggestions on the below error. [image: Inline image 2] [image: Inline image 1]

Re: Metron Installation

2017-09-25 Thread Syed Hammad Tahir
I have increased the RAM to 12 GB. The OS I use is Ubuntu so I guess Metron might be able to get 8GB of RAM. Have left the installation running back at the office. The last command I left running was vagrant provision and I will check the outcome tomorrow. On Mon, Sep 25, 2017 at 5:53 PM, zeo...@gmail.com

Re: Not seeing any Metron alerts.

2017-09-25 Thread Simon Elliston Ball
The _score field is actually an Elasticsearch matching score field, and is not relevant to Metron. You should see the scores in the threat:triage:score field. However, your rules will only be run if the telemetry has is_alert set true, so you should ensure that the enrichment phase sets

Re: Unable to add the hosts

2017-09-25 Thread Simon Elliston Ball
The list says it wants one host per line, you have given it comma separated. > On 25 Sep 2017, at 09:31, kotipalli venkatesh > wrote: > > > Hi All, > > Please help on the below error, Target host, we added nodes and import the > id_rsa file on the main node.

Re: Unable to add the hosts

2017-09-25 Thread kotipalli venkatesh
Hi Thanks for the response. I followed the below link, https://cwiki.apache.org/confluence/display/METRON/Metron+0.4.0+with+HDP+2.5+bare-metal+install+on+Centos+7+with+MariaDB+for+Metron+REST On Mon, Sep 25, 2017 at 4:54 PM, Simon Elliston Ball < si...@simonellistonball.com> wrote: > The

Re: Metron Installation

2017-09-25 Thread Syed Hammad Tahir
But this guide says that 8 GB RAM is required (which I have) to run the single node VM version https://cwiki.apache.org/confluence/display/METRON/Dev+VM+Install I am able to get into Ambari and see this: [image: Inline image 1] From where can I see the error logs on what's going on? I just need to