[GitHub] incubator-metron pull request: METRON-177 Fix typos on the Metron ...

2016-05-23 Thread cestella
Github user cestella commented on the pull request:

https://github.com/apache/incubator-metron/pull/130#issuecomment-220976450
  
Ok, this looks good, +1


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---


[GitHub] incubator-metron pull request: Metron 173

2016-05-23 Thread cestella
Github user cestella commented on the pull request:

https://github.com/apache/incubator-metron/pull/128#issuecomment-220976859
  
Since you made a METRON-177 PR, could you please close this one?




[GitHub] incubator-metron pull request: METRON-179 Fixed Docs for Vagrant D...

2016-05-23 Thread cestella
Github user cestella commented on the pull request:

https://github.com/apache/incubator-metron/pull/124#issuecomment-220977119
  
+1




[GitHub] incubator-metron pull request: METRON-177 Fix typos on the Metron ...

2016-05-23 Thread merrimanr
Github user merrimanr commented on the pull request:

https://github.com/apache/incubator-metron/pull/130#issuecomment-220994277
  
+1




[GitHub] incubator-metron pull request: METRON-177 Fix typos on the Metron ...

2016-05-23 Thread asfgit
Github user asfgit closed the pull request at:

https://github.com/apache/incubator-metron/pull/130




Streaming Login events

2016-05-23 Thread Casey Stella
Hi All,

I'm interested in capturing user login events for use in user enrichment
(associating a user with a source IP address).  To this end, I'd like to
capture user login events with the associated IP address.  I had assumed
this information would be available as part of Active Directory event data,
but after discussion on https://issues.apache.org/jira/browse/METRON-161,
it appears that my assumptions do not seem to hold.

Is there a source for this data that I should consider which might cover a
large percentage of the field?


[GitHub] incubator-metron pull request: METRON-183 Allow the simple hbase e...

2016-05-23 Thread cestella
GitHub user cestella opened a pull request:

https://github.com/apache/incubator-metron/pull/131

METRON-183 Allow the simple hbase enrichment adapter and simple threat 
intel adapter to use multiple column families

Allow the simple hbase enrichment adapter and simple threat intel adapter 
to use multiple column families. As it stands, the table and column family used 
are configured at topology submission time rather than via zookeeper. It makes 
sense to allow different enrichment types to be associated with different 
column families so that column family specific configuration, such as retention 
policies, can be used per enrichment type.

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/cestella/incubator-metron cf_per_et

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/incubator-metron/pull/131.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #131


commit 00a0b13a5b307be39aad45031c1673de9a2f5ea4
Author: cstella 
Date:   2016-05-23T17:50:40Z

Added the ability to support multiple column families in the simple hbase 
enrichment and threat intel.

commit adc3765fcf84bf24d58ac8a4e5e20851ffae
Author: cstella 
Date:   2016-05-23T20:46:35Z

Updating documentation.






[GitHub] incubator-metron pull request: Metron 173

2016-05-23 Thread iraghumitra
Github user iraghumitra closed the pull request at:

https://github.com/apache/incubator-metron/pull/128




[GitHub] incubator-metron pull request: Metron 173

2016-05-23 Thread iraghumitra
Github user iraghumitra commented on the pull request:

https://github.com/apache/incubator-metron/pull/128#issuecomment-221099616
  
Closing the pull request




[GitHub] incubator-metron pull request: METRON-184 Fixed 'creates' path to ...

2016-05-23 Thread nickwallen
GitHub user nickwallen opened a pull request:

https://github.com/apache/incubator-metron/pull/132

METRON-184 Fixed 'creates' path to avoid re-downloading GeoIP data

Prevents the GeoIP data from being re-downloaded when it already exists.  
The 'creates' path was specifying the wrong file.

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/nickwallen/incubator-metron METRON-184

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/incubator-metron/pull/132.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #132


commit c34bc905c9b79fd770060116353046d707996d47
Author: Nick Allen 
Date:   2016-05-23T22:01:13Z

METRON-184 Fixed 'creates' path to avoid re-downloading GeoIP data






Re: Streaming Login events

2016-05-23 Thread zeo...@gmail.com
I currently get the users of IPs on wireless via RADIUS logs, as long as
wireless does 802.1x EAP-PEAP authentication.  The static side is different
and the solution I currently use probably only sparsely exists outside of
higher ed (requiring endpoint MAC registration by the end user, and then
associating users to IPs using DHCP logs via that MAC).

On Mon, May 23, 2016 at 4:04 PM Casey Stella  wrote:

> Hi All,
>
> I'm interested in capturing user login events for use in user enrichment
> (associating a user with a source IP address).  To this end, I'd like to
> capture user login events with the associated IP address.  I had assumed
> this information would be available as part of Active Directory event data,
> but after discussion on https://issues.apache.org/jira/browse/METRON-161,
> it appears that my assumptions do not seem to hold.
>
> Is there a source for this data that I should consider which might cover a
> large percentage of the field?
>
-- 

Jon
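
The static-side approach described in the message above (user-registered MACs joined to DHCP logs) can be sketched as a time-aware lookup. This is an added example, not part of the original thread or of Metron: the log format, registry contents, lease length and function names are all constructed for illustration.

```python
from bisect import bisect_right
from datetime import datetime, timedelta

# Constructed sample data: a MAC registration table and DHCP events in a
# simplified "timestamp event ip mac" format (not a real server's log format).
MAC_REGISTRY = {"aa:bb:cc:00:00:01": "alice", "aa:bb:cc:00:00:02": "bob"}
LEASE_SECONDS = 3600  # assumed lease length
DHCP_LOG = """\
2016-05-23T09:00:00 ACK 10.0.0.5 aa:bb:cc:00:00:01
2016-05-23T09:20:00 RELEASE 10.0.0.5 aa:bb:cc:00:00:01
2016-05-23T09:30:00 ACK 10.0.0.5 aa:bb:cc:00:00:02
2016-05-23T09:40:00 ACK 10.0.0.6 aa:bb:cc:00:00:99
"""

def build_leases(log, lease_seconds=LEASE_SECONDS):
    """Return {ip: [[start, end, mac], ...]}; assumes chronological input."""
    leases = {}
    for line in log.splitlines():
        ts, event, ip, mac = line.split()
        when = datetime.fromisoformat(ts)
        history = leases.setdefault(ip, [])
        # A RELEASE, a renewal, or a new holder ends the lease still open.
        if history and history[-1][1] > when:
            history[-1][1] = when
        if event == "ACK":
            end = when + timedelta(seconds=lease_seconds)
            history.append([when, end, mac.lower()])
    return leases

def user_for(leases, ip, ts):
    """User holding `ip` at time `ts`; None if no active lease or the MAC
    is not registered. The timestamp matters because IPs get reused."""
    when = datetime.fromisoformat(ts)
    history = leases.get(ip, [])
    i = bisect_right([start for start, _, _ in history], when) - 1
    if i < 0:
        return None
    _, end, mac = history[i]
    if when >= end:
        return None  # lease released or expired before this event
    return MAC_REGISTRY.get(mac)

LEASES = build_leases(DHCP_LOG)
```

An enrichment that ignores the event timestamp would attribute all traffic from 10.0.0.5 to whoever held the address last; returning None for gaps and unregistered MACs keeps those events unattributed instead of misattributed.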


[GitHub] incubator-metron pull request: METRON-180 Enable each component to...

2016-05-23 Thread nickwallen
GitHub user nickwallen opened a pull request:

https://github.com/apache/incubator-metron/pull/133

METRON-180 Enable each component to be installed or not using tags

To allow users to make the most use of the deployment scripts, they should 
be able to choose whether each component is installed or not.  This is 
important in very highly customized environments where Metron will be installed.  
This is currently possible in most cases, but there are a few scenarios that 
are exceptions.

For example, the PCAP service will only be installed if 
`install_elasticsearch` is set to `true`. This was a good coupling back when 
PCAP searches were hosted in the index. Now that PCAP searches come from HDFS, 
we need to be able to install PCAP service separately.

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/nickwallen/incubator-metron METRON-180

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/incubator-metron/pull/133.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #133


commit ec1e99b755fc922cae26256dcd0c22f36c3828c8
Author: Nick Allen 
Date:   2016-05-24T02:49:37Z

METRON-180 Enable each component to be installed or not using tags






[GitHub] incubator-metron pull request: Specify shorter control_path to avo...

2016-05-23 Thread nickwallen
Github user nickwallen commented on the pull request:

https://github.com/apache/incubator-metron/pull/122#issuecomment-221157587
  
This fix was not working for @dlyle65535 today.  It would error out because 
it did not understand `%C`.  

I dug a little and found that this option was added in [OpenSSH 
6.7](http://www.openssh.com/txt/release-6.7).  I wanted to provide a warning 
for other users who have older versions of OpenSSH.


