Dev Env Setup Instructions

2016-04-15 Thread George Vetticaden
I have gotten a lot of questions/interests recently about how to set up their Dev environment to start contributing to the project. This is great news! I have quickly created the following wiki article.

Re: [DISCUSS] Metron assessment tool

2016-04-15 Thread Nick Allen
Or we have the assessment tool not actually land any data. The assessment tool becomes a 'sensor' in its own right. You just point the input data sets at the assessment tool, it builds metrics on the input (for example: count the number of packets per second) and then we use those metrics to

[GitHub] incubator-metron pull request: METRON-110 Create lightweight packe...

2016-04-15 Thread nickwallen
Github user nickwallen commented on the pull request: https://github.com/apache/incubator-metron/pull/76#issuecomment-210542984 Argparse is part of the standard library and does not need to be separately installed. Removed the need to install it separately via pip. Python standard

Re: Metron Logo

2016-04-15 Thread Brad Kolarov
+1 Regards, bpk On 4/15/16, 1:09 PM, "George Vetticaden" wrote: >Number of folks have asked me in the last week "What's up with Metron's logo? >It seems like it's on life support?" >:) > >Thoughts on maybe revisiting this and looking at some new logos? >

[GitHub] incubator-metron pull request: METRON-102: Unit Tests for parsers ...

2016-04-15 Thread merrimanr
Github user merrimanr commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/78#discussion_r59899359 --- Diff: metron-streaming/pom.xml --- @@ -80,6 +80,7 @@ Metron-Elasticsearch Metron-Solr

Re: [DISCUSS] Metron assessment tool

2016-04-15 Thread James Sirota
So this is exactly what I am proposing. Calculate the metrics on the fly without landing any data in the cluster. The problem is that enterprise data volumes are so large you can’t just point them at a Java or a C++ program or sensor. You either need an existing minimal Kafka

Re: Metron Logo

2016-04-15 Thread James Sirota
I don’t think it’s terrible, but it’s not reflective of what Metron is about. I think it needs to be something security analytics related On 4/15/16, 10:10 AM, "Dave Hirko" wrote: >+1 (it's terrible) > >Dave Hirko | d...@b23.io | 571.421.7729 > >On 4/15/16, 1:09

Re: Dev Env Setup Instructions

2016-04-15 Thread James Sirota
George, Thanks for the contribution. This is great. Going forward I think we’ll need to make these instructions more generic, but this is a great start Thanks, James On 4/15/16, 9:31 AM, "George Vetticaden" wrote: >I have gotten a lot of questions/interests

[GitHub] incubator-metron pull request: METRON-96: Create data purging scri...

2016-04-15 Thread merrimanr
Github user merrimanr commented on the pull request: https://github.com/apache/incubator-metron/pull/79#issuecomment-21057 I noticed there are a couple sample config json files (bro.json and global.json) being added to Metron-Common. There are already sample configs in

[GitHub] incubator-metron pull request: METRON-83 Create 'sensor test mode'

2016-04-15 Thread nickwallen
Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/58#discussion_r59919240 --- Diff: deployment/playbooks/metron_install.yml --- @@ -75,7 +75,8 @@ - { role: flume, when: install_snort | default(True) == True }

[DISCUSS] Tagging Jira's for newbies

2016-04-15 Thread James Sirota
Hi Guys, As we are picking up more community members I think we need to start tagging Jira’s with “complexity labels” and building up a pool of Jiras that newbies can work on. I wanted to open this up to the community to see how we wanted to handle that. What should these labels be and how

[GitHub] incubator-metron pull request: METRON-83 Create 'sensor test mode'

2016-04-15 Thread nickwallen
Github user nickwallen commented on the pull request: https://github.com/apache/incubator-metron/pull/58#issuecomment-210563789 A nice benefit with this change is that the default deployment produces Snort alerts in the dashboard. I think I've been asked how to "turn on snort

[GitHub] incubator-metron pull request: METRON-102: Unit Tests for parsers ...

2016-04-15 Thread dlyle65535
Github user dlyle65535 commented on the pull request: https://github.com/apache/incubator-metron/pull/78#issuecomment-210572418 +1 this looks really good. Ran through the tests no problem. --- If your project is set up for it, you can reply to this email and have your reply appear on

Metron Logo

2016-04-15 Thread George Vetticaden
Number of folks have asked me in the last week "What's up with Metron's logo? It seems like it's on life support?" :) Thoughts on maybe revisiting this and looking at some new logos? -- George Vetticaden Principal, Senior Product Manager for Metron

[GitHub] incubator-metron pull request: METRON-110 Create lightweight packe...

2016-04-15 Thread nickwallen
Github user nickwallen commented on the pull request: https://github.com/apache/incubator-metron/pull/76#issuecomment-210552058 Interesting. I manually deployed on CentOS 6 with the latest change and it worked. But it appears `argparse` was already installed by something else.

Re: Metron Logo

2016-04-15 Thread Debo Dutta (dedutta)
We should do another one then. Also most new content is going into the wiki and not the website. The website is also quite sparse. The current logo that won the vote was from Alex who is CC-ed. debo On 4/15/16, 10:12 AM, "James Sirota" wrote: >I don’t think it’s

[GitHub] incubator-metron pull request: METRON-83 Create 'sensor test mode'

2016-04-15 Thread nickwallen
Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/58#discussion_r59913115 --- Diff: deployment/playbooks/metron_install.yml --- @@ -75,7 +75,8 @@ - { role: flume, when: install_snort | default(True) == True }

[GitHub] incubator-metron pull request: METRON-110 Create lightweight packe...

2016-04-15 Thread nickwallen
Github user nickwallen commented on the pull request: https://github.com/apache/incubator-metron/pull/76#issuecomment-210558957 Right. Next step is to update `deployment/roles/pycapa` to use this instead of OpenSOC's pycapa. --- If your project is set up for it, you can reply to

[GitHub] incubator-metron pull request: METRON-110 Create lightweight packe...

2016-04-15 Thread cestella
Github user cestella commented on the pull request: https://github.com/apache/incubator-metron/pull/76#issuecomment-210557717 Yeah the license is fine. We are going to have it installed in the vagrant box as part of ansible, right? On Fri, Apr 15, 2016 at 18:16 Nick Allen

[GitHub] incubator-metron pull request: METRON-110 Create lightweight packe...

2016-04-15 Thread cestella
Github user cestella commented on the pull request: https://github.com/apache/incubator-metron/pull/76#issuecomment-210562709 Yes On Fri, Apr 15, 2016 at 18:46 Nick Allen wrote: > Ok good - Leaving argparse in the requirements.txt. > >

Re: [DISCUSS] Metron assessment tool

2016-04-15 Thread zeo...@gmail.com
However, it would be handy to have something like this perpetually running so you know when to scale up/out/down/in a cluster. On Fri, Apr 15, 2016, 13:35 Nick Allen wrote: > I think it is slightly different. I don't even want to install minimal > Kafka infrastructure (Look

[GitHub] incubator-metron pull request: METRON-110 Create lightweight packe...

2016-04-15 Thread nickwallen
Github user nickwallen commented on the pull request: https://github.com/apache/incubator-metron/pull/76#issuecomment-210561883 Ok good - Leaving argparse in the requirements.txt. Does "Sound good" == +1? --- If your project is set up for it, you can reply to this email and

[GitHub] incubator-metron pull request: METRON-96: Create data purging scri...

2016-04-15 Thread dlyle65535
Github user dlyle65535 commented on the pull request: https://github.com/apache/incubator-metron/pull/79#issuecomment-210600975 Yes, the global.json is different, targeted at the exact test I am running. I don't need the bro.json, but unfortunately the config loader dies without a