George, I didn't see my name reflected in the meeting minutes. Are you able to add? Thx!
Regards,
Brad Kolarov | B23 LLC | b...@b23.io | 703.957.9155

-------- Original message --------
From: George Vetticaden <gvettica...@hortonworks.com>
Date: 12/13/2015 08:13 (GMT-05:00)
To: dev@metron.incubator.apache.org
Subject: Re: COMMERCIAL:Re: [DISCUSS] UI Requirements Meeting

Going forward, let's start documenting meeting notes here:
https://cwiki.apache.org/confluence/display/METRON/Meeting+Minutes

--
George Vetticaden
Principal, COE
gvettica...@hortonworks.com
(630) 909-9138

On 12/12/15 8:24 AM, "George Vetticaden" <gvettica...@hortonworks.com> wrote:

>Team,
>
>Here are the meeting minutes from our first requirements meeting.
>For a first meeting, I believe it was productive.
>
>You can also find the notes from the meeting here:
>http://tinyurl.com/oehgnep
>
>-----Meeting Summary--------
>
>Discussion of various requirements for Metron. We reviewed the following docs:
>
>1. Discover reviewed the following requirement doc:
>https://onedrive.live.com/view.aspx?cid=e12c061b74681e7c&page=view&resid=E12C061B74681E7C!5700&parId=E12C061B74681E7C!5694&authkey=!ANEjQgPa9cgzVts&app=Excel
>
>2. George reviewed the following requirement doc:
>https://onedrive.live.com/view.aspx?cid=e12c061b74681e7c&page=view&resid=E12C061B74681E7C!5699&parId=E12C061B74681E7C!5694&authkey=!ANEjQgPa9cgzVts&app=Word
>
>------Attendees-----------
>
>Discover Gerdes - Rackspace
>George Vetticaden - Hortonworks
>James Sirota - Hortonworks
>Noreen Santini - Hortonworks
>Oskar Zabik - Rackspace
>Mark Bittmann - b23
>Debo Dutta - Cisco
>
>--------Notes-----------
>
>1. Need to come up with Taxonomy for Metron so everyone is speaking the same language. Need to finalize and define terms such as:
>   1. Event
>   2. Alert
>   3. Incident
>   4. Asset
>   5. Risk
>   6. Threat
>   7. Urgency
>
>2. For Rackspace, multi-tenancy requirements will be key. They will have multiple customers using shared infrastructure where data will need to flow into a single Metron cluster. So being able to identify an event associated with a specific customer is critical.
>
>3. Different Personas of the users of the system include:
>   1. Junior Security Analyst
>   2. Senior Security Analyst
>   3. Admin
>   4. Customer Facing / Executives
>
>4. Alerting Management Requirements
>   1. Suppress an Alert Temporarily and time based (suppress for 24 hours)
>   2. Suppress an Alert Permanently
>
>5. Need examples of correlation and SIEM rules
>
>6. Ability to search, pivot and build complex queries via UI (pivoting and clicking) will be important. E.g: Select a "Watchlisted Threat Alert", then click on Details, Select Destination Source --> Right click and do Search as Source IP --> executes a Search
>
>7. Approach to Requirements and Design
>   1. For Legacy SIM functionality --> Start with UI requirements and drive platform requirement
>   2. For Next Analytical functionality --> Start with Analytics and then drive UI requirement
>
>8. What Next?
>   1. Need to create Customer Survey and send to SOC teams to collect and prioritize requirements
>   2. From requirements, create some wireframes
>   3. With wireframes, conduct "interviews" with various SOC teams with wireframes
>   4. Iterate on requirements and wireframes.
>
>------Post-Meeting Followup/Action Item--------
>
>   1. George: Send out meeting minutes.
>   2. George: Send out shared doc for Customer Survey
>   3. George: Schedule weekly Requirements meeting invite every Thursday from 9 CST - 10:30 CST
>   4. Noreen and Oskar: Meet on UI and Customer Survey, start wireframes and then publish out meeting minutes to apache metron dev team
>
>--
>George Vetticaden
>Principal, COE
>gvettica...@hortonworks.com
>(630) 909-9138
>
>On 12/10/15 10:28 PM, "James Sirota" <jsir...@hortonworks.com> wrote:
>
>>Based on demand let's do WebEx
>>
>>Here is a link:
>>
>>https://hortonworks.webex.com/hortonworks/j.php?MTID=m8273c3ef30a61911c9f7e897c57c752a
>>
>>Thanks,
>>James
>>
>>On 12/8/15, 6:02 PM, "Andrew Hartnett" <andrew.hartn...@rackspace.com> wrote:
>>
>>>James didn't add enough info to the email. We are planning on a meeting Friday at 9am CST to discuss plans for the UI. James' ask for participants is to gauge which medium to hold the meeting. Since wire frames and other visual discussions are needed, we are looking at holding a Webex or another video conf. Any recommendations that come from this will be pushed to Jira.
>>>
>>>Andrew Hartnett
>>>Sr. Dev Warlord - Rackspace Managed Security
>>>210.744.4101
>>>
>>>________________________________________
>>>From: P. Taylor Goetz <ptgo...@gmail.com>
>>>Sent: Tuesday, December 8, 2015 4:18 PM
>>>To: dev@metron.incubator.apache.org
>>>Subject: COMMERCIAL:Re: [DISCUSS] UI Requirements Meeting
>>>
>>>> On Dec 8, 2015, at 3:59 PM, James Sirota <jsir...@hortonworks.com> wrote:
>>>>
>>>> We will have a meeting to discuss the initial UI requirements for Metron. If you want to participate please respond to this thread and we'll send
>>>
>>>Is there a reason the invite couldn't be sent to the whole dev@ list?
>>>
>>>I would also suggest proposing a date/time a few days in advance so those in various time zones have enough notice to attend.
>>>
>>>And as Owen pointed out in another thread, only discussions and recommendations can come from any such meeting. Any decisions have to be made on the mailing lists.
>>>
>>>-Taylor