Thanks, Casey and Nick. Is there any way that we can somehow overcome this requirement with the current features? Exclude MAAS.
On Thu, Jun 22, 2017 at 11:42 PM, Nick Allen <n...@nickallen.org> wrote:

> Ali -
>
> Here are some issues in JIRA related to this topic. Feel free to add
> commentary or specifics of your use case to either of these issues.
> Feedback will only help improve the final result.
>
> https://issues.apache.org/jira/browse/METRON-683
> https://issues.apache.org/jira/browse/METRON-685
>
> Thanks
>
> On Thu, Jun 22, 2017 at 9:31 AM, Casey Stella <ceste...@gmail.com> wrote:
>
>> That's correct that it's the last step. Honestly, the threat triage
>> functions were added prior to Stellar really being a thing. We should
>> allow arbitrary Stellar statements in there rather than a fixed approach,
>> so it's pluggable.
>>
>> On Thu, Jun 22, 2017 at 3:50 AM, Ali Nazemian <alinazem...@gmail.com>
>> wrote:
>>
>>> Hi all,
>>>
>>> I know there are four different Threat Triage aggregation functions we
>>> can use for the case of triggering multiple rules. These functions are
>>> "max", "min", "mean", "positive mean". I was wondering whether there is any
>>> way I can implement the following logic with the Threat Triage functions for
>>> a non-deterministic score.
>>>
>>> In the case that a specific rule is triggered, I want to boost the final
>>> result of Threat Triage score with a specific value. For example +20 to the
>>> score or multiply that by a specific value!
>>>
>>> Threat Triage is the last bolt in enrichment topology so it seems I
>>> cannot have any additional enrichment/transformation based on the score
>>> value. Is that right?
>>>
>>> Regards,
>>> Ali

--
A.Nazemian