Hi list,
I have some general Alerts UI questions/comments/remarks, I hope you
don't mind :) I'm using the UI that's part of Metron 0.4.2. These apply
to my specific use case, so I might be completely wrong in how I use the
UI...
- When you're talking about 'alerts', from what I can see in the UI,
that's synonymous with just events in Elasticsearch, right? Wouldn't it
make more sense to treat alerts as events where "is_alert" == True?
- It seems that everything I do in the UI is only stored locally? See
https://github.com/apache/metron/tree/master/metron-interface/metron-alerts.
Can this be made persistent for multiple people?
- How can I change the content "Filters" on the left of the UI?
- How do I create a MetaAlert?
- What's the plan regarding notifying someone when alerts trigger?