Re: Threat Triage boost aggregation

2017-06-22 Thread Ali Nazemian
I thought MaaS is flexible enough to use any combination of code we like. It can be a machine learning model or a very deterministic model. I have to have a look at some of our use cases in more detail. I will send an example to you. Cheers, Ali On Fri, Jun 23, 2017 at 11:43 AM, Casey Stella

Re: Threat Triage boost aggregation

2017-06-22 Thread Casey Stella
Actually, and I am shocked to find myself saying this, MaaS won't help you here. ;) I don't think the current system can encode your desire. Just in case I'm being dense, though, would you give us a concrete example with some rules and how you'd like the score aggregated? On Thu, Jun 22, 2017

RE: Netflow Aggregator data into metron pipeline

2017-06-22 Thread Ian Abreu
Hey Nick, We’re just using RFC-compliant UDP forwarding at this point to a single aggregator. We’d probably spin up a UDP collector/forwarder to control the flow from a multiple-input, multiple-output perspective as the most efficient means of implementation. IMO the best route would just

test framework

2017-06-22 Thread moshe jarusalem
Hi All, I wonder what kind of tests you are using to be sure any release of Metron is robust enough. Regards,

Re: Threat Triage boost aggregation

2017-06-22 Thread Casey Stella
That's correct that it's the last step. Honestly, the threat triage functions were added prior to Stellar really being a thing. We should allow arbitrary Stellar statements in there rather than a fixed approach, so it's pluggable. On Thu, Jun 22, 2017 at 3:50 AM, Ali Nazemian

Threat Triage boost aggregation

2017-06-22 Thread Ali Nazemian
Hi all, I know there are four different Threat Triage aggregation functions we can use for the case of triggering multiple rules. These functions are "max", "min", "mean", "positive mean". I was wondering whether there is any way I can implement the following logic with the Threat Triage functions