[GitHub] metron issue #338: METRON-295: Script parsing bolt

[ottobackwards]

Github user ottobackwards commented on the issue:

https://github.com/apache/metron/pull/338
  
Re-reading this, I think it is dead, unless there is an update triggered by 
this.

I *think* I have the resolution to the update issue.

Post `777` and parser extensions, extensions can / will be deployed through 
the ui.
A script parser will deploy scripts, as we do grok rules to a directory, we 
can have the deployment *also* make an entry in zookeeper with the checksum of 
the script or some such.  __That__ can be the item that is in zookeeper and 
monitored for change.  If we deploy a new version of the script by installing 
it in the UI, it will save it to hdfs, and the change the entry in zookeeper, 
triggering reload.

If this PR *is* dead, I may take this up


---

Re: [VOTE] Metron Release Candidate 0.4.2-RC2

[Justin Leet]

+1 validated with Otto's script

* Checksums
* Signatures
* Build
* Tests

On Tue, Dec 19, 2017 at 11:47 PM, Anand Subramanian <
asubraman...@hortonworks.com> wrote:

>
> * mvn clean package at root level
> * mvn clean package -Pbuild-rpms at metron-deployment level and generate
> RPMs
> * Brought up Metron stack on 12-node CentOS 7 openstack cluster using the
> generated RPMs
> * Bro, YAF and snort - ingest into kafka topics and validated indices
> * Add squid telemetry, ingest into kafka topic and validated indices
> * Management UI, Alerts UI and Swagger UI sanity check
>
> +1 (non-binding)
>
>
> Regards,
> Anand
>
>
>
>
> On 12/20/17, 3:11 AM, "Casey Stella"  wrote:
>
> >+1 validated via Otto's script
> >* Checksums
> >* Sigs
> >* Build
> >* Full dev validation
> >
> >On Tue, Dec 19, 2017 at 2:45 PM, Nick Allen  wrote:
> >
> >> +1  I validated using Otto's great script.
> >>
> >> * Validated the list of changes
> >> * Checksums
> >> * Sigs
> >> * Build
> >> * Tests
> >> * Full Dev
> >>
> >> On Tue, Dec 19, 2017 at 6:23 AM, Matt Foley  wrote:
> >>
> >> > Colleagues,
> >> > This is a call to vote on releasing Apache Metron 0.4.2 and its
> >> associated
> >> > metron-bro-plugin-kafka 0.1.0.
> >> > The release candidate is available at https://dist.apache.org/repos/
> >> > dist/dev/metron/0.4.2-RC2/
> >> >
> >> > Full list of changes in this release:
> >> > https://dist.apache.org/repos/dist/dev/metron/0.4.2-RC2/CHANGES and
> >> > https://dist.apache.org/repos/dist/dev/metron/0.4.2-RC2/
> >> CHANGES.bro-plugin
> >> >
> >> > The github tags to be voted upon are:
> >> > (apache/metron) apache-metron-0.4.2-rc2 and (apache/metron-bro-plugin-
> >> kafka)
> >> > 0.1
> >> >
> >> > The source archives being voted upon can be found here:
> >> > https://dist.apache.org/repos/dist/dev/metron/0.4.2-RC2/
> >> > apache-metron-0.4.2-rc2.tar.gz
> >> > https://dist.apache.org/repos/dist/dev/metron/0.4.2-RC2/
> >> > apache-metron-bro-plugin-kafka_0.1.0.tar.gz
> >> >
> >> > The site-book is at:
> >> > https://dist.apache.org/repos/dist/dev/metron/0.4.2-RC2/
> >> > site-book/index.html
> >> >
> >> > Other release files, signatures and digests can be found here:
> >> > https://dist.apache.org/repos/dist/dev/metron/0.4.2-RC2/
> >> >
> >> > The release artifacts are signed with the following key:
> >> > 4169 AA27 ECB3 1663 in https://dist.apache.org/repos/
> >> > dist/dev/metron/0.4.2-RC2/KEYS
> >> >
> >> > Please vote on releasing this package as Apache Metron 0.4.2 and
> Apache
> >> > Metron-bro-plugin-kafka 0.1.0
> >> >
> >> > When voting, please list the actions taken to verify the release.
> >> >
> >> > Recommended build validation and verification instructions are posted
> >> here:
> >> > https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds
> >> > or you are encouraged to try the new release verification script that
> >> Otto
> >> > published via email on 11 Dec, available at
> >> > https://github.com/ottobackwards/Metron-and-Nifi-
> >> > Scripts/blob/master/metron/metron-rc-check
> >> >
> >> > This vote will be open until 9am PST on Friday 22 Dec 2017.
> >> >
> >> > Thank you,
> >> > --Matt
> >> >
> >> >
> >> >
> >> >
> >> >
> >>
>

[GitHub] metron pull request #881: METRON-1071: Create CONTRIBUTING.md

[justinleet]

Github user justinleet commented on a diff in the pull request:

https://github.com/apache/metron/pull/881#discussion_r158571805
  
--- Diff: CONTRIBUTING.md ---
@@ -0,0 +1,27 @@
+#  How To Contribute
+As an open source project, Metron welcomes contributions of all forms. 
There are several great ways to contribute!
+
+* [Contributing a Code Change](#contributing-a-code-change)
+* Reviewing pull requests on our GitHub page. Check out current open [Pull 
Requests](https://github.com/apache/metron/pulls)
+* Improve our documentation. Our docs are self contained in the project in 
README files. Doc changes is the same process as a code change. See 
[Contributing a Code Change](#contributing-a-code-change)
+* Contributing to or starting discussions on the mailing lists. Both the 
user and dev lists are great places to give and receive help, or provide 
feedback.
--- End diff --

Added the link to the site.


---

[GitHub] metron pull request #881: METRON-1071: Create CONTRIBUTING.md

[justinleet]

Github user justinleet commented on a diff in the pull request:

https://github.com/apache/metron/pull/881#discussion_r158571753
  
--- Diff: CONTRIBUTING.md ---
@@ -0,0 +1,27 @@
+#  How To Contribute
+As an open source project, Metron welcomes contributions of all forms. 
There are several great ways to contribute!
+
+* [Contributing a Code Change](#contributing-a-code-change)
+* Reviewing pull requests on our GitHub page. Check out current open [Pull 
Requests](https://github.com/apache/metron/pulls)
+* Improve our documentation. Our docs are self contained in the project in 
README files. Doc changes is the same process as a code change. See 
[Contributing a Code Change](#contributing-a-code-change)
--- End diff --

Good catch.  Changed it.


---

[GitHub] metron pull request #882: METRON-1380: Create a typosquatting use-case (comm...

[cestella]

GitHub user cestella reopened a pull request:

https://github.com/apache/metron/pull/882

METRON-1380: Create a typosquatting use-case (commit after METRON-1379, 
METRON-1377, METRON-1378)

## Contributor Comments
This is a documented use-case on how to use the following JIRAs (PRs) to 
detect typosquatting in-stream using bloom filters:
* METRON-1379 (#880)
* METRON-1377 (#878 )
* METRON-1378 (#879 )

The code here is a merger of the PRs above to allow reviewers to test the 
entire feature together.  The manual testing plan is to execute the 
typosquatting use-case 
[instructions](https://github.com/cestella/incubator-metron/tree/typosquat_merge/use-cases/typosquat_detection).

## Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.  
Please refer to our [Development 
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
 for the complete guide to follow for contributions.  
Please refer also to our [Build Verification 
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
 for complete smoke testing guides.  


In order to streamline the review of the contribution we ask you follow 
these guidelines and ask you to double check the following:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to 
be created at [Metron 
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
 
- [x] Does your PR title start with METRON- where  is the JIRA 
number you are trying to resolve? Pay particular attention to the hyphen "-" 
character.
- [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?


### For code changes:
- [x] Have you included steps to reproduce the behavior or problem that is 
being changed or addressed?
- [x] Have you included steps or a guide to how the change may be verified 
and tested manually?
- [x] Have you ensured that the full suite of tests and checks have been 
executed in the root metron folder via:
  ```
  mvn -q clean integration-test install && build_utils/verify_licenses.sh 
  ```

- [x] Have you written or updated unit tests and or integration tests to 
verify your changes?
- [x] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)? 
- [x] Have you verified the basic functionality of the build by building 
and running locally with Vagrant full-dev environment or the equivalent?

### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in 
which it is rendered by building and verifying the site-book? If not then run 
the following commands and the verify changes via 
`site-book/target/site/index.html`:

  ```
  cd site-book
  mvn site
  ```

 Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up 
for your personal repository such that your branches are built there before 
submitting a pull request.



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/cestella/incubator-metron typosquat_merge

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/metron/pull/882.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #882


commit a95014ed1e145f9133dd95dcbfbf7e9212401fef
Author: cstella 
Date:   2017-12-19T22:26:03Z

METRON-1377: Stellar function to generate typosquatted domains (similar to 
dnstwist)

commit 9c492c4540534fa72550aff330ce6c588f640965
Author: cstella 
Date:   2017-12-21T15:17:18Z

flatfile summarizer initial commit.

commit 71e63b2604ad94c51423762582e547184169d8a2
Author: cstella 
Date:   2017-12-21T15:20:48Z

Don't want to generate original domain as it's not a typosquatted domain

commit 42af879d5fc1623fd9b24dd24af687292d9bcc73
Author: cstella 
Date:   2017-12-21T16:20:10Z

Fixed homoglyph bug with ACE domains

commit 7ee3ab14b81b0cb3fd899cf082050b7e3fade63e
Author: cstella 
Date:   2017-12-21T17:04:58Z

Persistent bug..

commit 15681143e86913a69270d0a89e1c877e3d99
Author: cstella 
Date:   2017-12-21T18:50:58Z

typo

commit 0d1e7b304b926bae65a2d6b4c63dec565542ad7e
Author: cstella 
Date:   2017-12-21T18:51:50Z

Weirdness with international domains.

commit 

[GitHub] metron pull request #882: METRON-1380: Create a typosquatting use-case (comm...

[cestella]

Github user cestella closed the pull request at:

https://github.com/apache/metron/pull/882


---

[GitHub] metron pull request #882: METRON-1380: Create a typosquatting use-case

[cestella]

GitHub user cestella opened a pull request:

https://github.com/apache/metron/pull/882

METRON-1380: Create a typosquatting use-case

## Contributor Comments
This is a documented use-case on how to use the following JIRAs (PRs) to 
detect typosquatting in-stream using bloom filters:
* METRON-1379 (#880)
* METRON-1377 (#878 )
* METRON-1378 (#879 )

The code here is a merger of the PRs above to allow reviewers to test the 
entire feature together.  The manual testing plan is to execute the 
typosquatting use-case 
[instructions](https://github.com/cestella/incubator-metron/tree/typosquat_merge/use-cases/typosquat_detection).

## Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.  
Please refer to our [Development 
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
 for the complete guide to follow for contributions.  
Please refer also to our [Build Verification 
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
 for complete smoke testing guides.  


In order to streamline the review of the contribution we ask you follow 
these guidelines and ask you to double check the following:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to 
be created at [Metron 
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
 
- [x] Does your PR title start with METRON- where  is the JIRA 
number you are trying to resolve? Pay particular attention to the hyphen "-" 
character.
- [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?


### For code changes:
- [x] Have you included steps to reproduce the behavior or problem that is 
being changed or addressed?
- [x] Have you included steps or a guide to how the change may be verified 
and tested manually?
- [x] Have you ensured that the full suite of tests and checks have been 
executed in the root metron folder via:
  ```
  mvn -q clean integration-test install && build_utils/verify_licenses.sh 
  ```

- [x] Have you written or updated unit tests and or integration tests to 
verify your changes?
- [x] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)? 
- [x] Have you verified the basic functionality of the build by building 
and running locally with Vagrant full-dev environment or the equivalent?

### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in 
which it is rendered by building and verifying the site-book? If not then run 
the following commands and the verify changes via 
`site-book/target/site/index.html`:

  ```
  cd site-book
  mvn site
  ```

 Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up 
for your personal repository such that your branches are built there before 
submitting a pull request.



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/cestella/incubator-metron typosquat_merge

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/metron/pull/882.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #882


commit a95014ed1e145f9133dd95dcbfbf7e9212401fef
Author: cstella 
Date:   2017-12-19T22:26:03Z

METRON-1377: Stellar function to generate typosquatted domains (similar to 
dnstwist)

commit 9c492c4540534fa72550aff330ce6c588f640965
Author: cstella 
Date:   2017-12-21T15:17:18Z

flatfile summarizer initial commit.

commit 71e63b2604ad94c51423762582e547184169d8a2
Author: cstella 
Date:   2017-12-21T15:20:48Z

Don't want to generate original domain as it's not a typosquatted domain

commit 42af879d5fc1623fd9b24dd24af687292d9bcc73
Author: cstella 
Date:   2017-12-21T16:20:10Z

Fixed homoglyph bug with ACE domains

commit 7ee3ab14b81b0cb3fd899cf082050b7e3fade63e
Author: cstella 
Date:   2017-12-21T17:04:58Z

Persistent bug..

commit 15681143e86913a69270d0a89e1c877e3d99
Author: cstella 
Date:   2017-12-21T18:50:58Z

typo

commit 0d1e7b304b926bae65a2d6b4c63dec565542ad7e
Author: cstella 
Date:   2017-12-21T18:51:50Z

Weirdness with international domains.

commit 935d4d2933e7156219722e54cec5dfce228fdbcc
Author: cstella 

[GitHub] metron pull request #881: METRON-1071: Create CONTRIBUTING.md

[JonZeolla]

Github user JonZeolla commented on a diff in the pull request:

https://github.com/apache/metron/pull/881#discussion_r158477376
  
--- Diff: CONTRIBUTING.md ---
@@ -0,0 +1,27 @@
+#  How To Contribute
+As an open source project, Metron welcomes contributions of all forms. 
There are several great ways to contribute!
+
+* [Contributing a Code Change](#contributing-a-code-change)
+* Reviewing pull requests on our GitHub page. Check out current open [Pull 
Requests](https://github.com/apache/metron/pulls)
+* Improve our documentation. Our docs are self contained in the project in 
README files. Doc changes is the same process as a code change. See 
[Contributing a Code Change](#contributing-a-code-change)
--- End diff --

`s/is/are/`?


---

[GitHub] metron pull request #881: METRON-1071: Create CONTRIBUTING.md

[JonZeolla]

Github user JonZeolla commented on a diff in the pull request:

https://github.com/apache/metron/pull/881#discussion_r158477818
  
--- Diff: CONTRIBUTING.md ---
@@ -0,0 +1,27 @@
+#  How To Contribute
+As an open source project, Metron welcomes contributions of all forms. 
There are several great ways to contribute!
+
+* [Contributing a Code Change](#contributing-a-code-change)
+* Reviewing pull requests on our GitHub page. Check out current open [Pull 
Requests](https://github.com/apache/metron/pulls)
+* Improve our documentation. Our docs are self contained in the project in 
README files. Doc changes is the same process as a code change. See 
[Contributing a Code Change](#contributing-a-code-change)
+* Contributing to or starting discussions on the mailing lists. Both the 
user and dev lists are great places to give and receive help, or provide 
feedback.
--- End diff --

We should point people to the lists.  I'm mobile so not sure what the 
anchor is on here http://metron.apache.org/community


---