Hi all,
I know there are four different Treat Triage aggregation functions we can
use for the case of triggering multiple rules. These functions are "max',
"min", "mean", "positive mean". I was wondering whether there is any way I
can implement the following logic with the Treat Triage functions f
That's correct that it's the last step. Honestly, the threat triage
functions were added prior to Stellar really being a thing. We should
allow arbitrary stellar statements in there rather than a fixed approach,
so it's pluggable.
On Thu, Jun 22, 2017 at 3:50 AM, Ali Nazemian wrote:
> Hi all,
Ali -
Here are some issues in JIRA related to this topic. Feel free to add
commentary or specifics of your use case to either of these issues.
Feedback will only help improve the final result.
https://issues.apache.org/jira/browse/METRON-683
https://issues.apache.org/jira/browse/METRON-685
Tha
Thanks, Casey and Nick. Is there any way that we can somehow overcome this
requirement with the current features? Exclude MAAS.
On Thu, Jun 22, 2017 at 11:42 PM, Nick Allen wrote:
> Ali -
>
> Here are some issues in JIRA related to this topic. Feel free to add
> commentary or specifics of your
Actually, and I am shocked to find myself saying this, MaaS won't help you
here. ;) I don't think the current system can encode your desire. Just in
case I'm being dense, though, would you give us a concrete example with
some rules and how you'd like the score aggregated?
On Thu, Jun 22, 2017 at
I though MaaS is flexible enough to use any combination of codes we like.
It can be a machine learning model or a very deterministic model.
I have to have a look at some of our use cases in more details. I will send
an example to you.
Cheers,
Ali
On Fri, Jun 23, 2017 at 11:43 AM, Casey Stella w
