I thought MaaS is flexible enough to use any combination of codes we like. It can be a machine learning model or a very deterministic model.
I have to have a look at some of our use cases in more detail. I will send an example to you.

Cheers,
Ali

On Fri, Jun 23, 2017 at 11:43 AM, Casey Stella <ceste...@gmail.com> wrote:

> Actually, and I am shocked to find myself saying this, MaaS won't help you here. ;) I don't think the current system can encode your desire. Just in case I'm being dense, though, would you give us a concrete example with some rules and how you'd like the score aggregated?
>
> On Thu, Jun 22, 2017 at 8:07 PM, Ali Nazemian <alinazem...@gmail.com> wrote:
>
>> Thanks, Casey and Nick. Is there any way that we can somehow overcome this requirement with the current features? Exclude MAAS.
>>
>> On Thu, Jun 22, 2017 at 11:42 PM, Nick Allen <n...@nickallen.org> wrote:
>>
>>> Ali -
>>>
>>> Here are some issues in JIRA related to this topic. Feel free to add commentary or specifics of your use case to either of these issues. Feedback will only help improve the final result.
>>>
>>> https://issues.apache.org/jira/browse/METRON-683
>>> https://issues.apache.org/jira/browse/METRON-685
>>>
>>> Thanks
>>>
>>> On Thu, Jun 22, 2017 at 9:31 AM, Casey Stella <ceste...@gmail.com> wrote:
>>>
>>>> That's correct that it's the last step. Honestly, the threat triage functions were added prior to Stellar really being a thing. We should allow arbitrary stellar statements in there rather than a fixed approach, so it's pluggable.
>>>>
>>>> On Thu, Jun 22, 2017 at 3:50 AM, Ali Nazemian <alinazem...@gmail.com> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I know there are four different Threat Triage aggregation functions we can use for the case of triggering multiple rules. These functions are "max", "min", "mean", "positive mean". I was wondering whether there is any way I can implement the following logic with the Threat Triage functions for a non-deterministic score.
>>>>>
>>>>> In the case that a specific rule is triggered, I want to boost the final result of Threat Triage score with a specific value. For example +20 to the score or multiply that by a specific value!
>>>>>
>>>>> Threat Triage is the last bolt in enrichment topology so it seems I cannot have any additional enrichment/transformation based on the score value. Is that right?
>>>>>
>>>>> Regards,
>>>>> Ali
>>
>> --
>> A.Nazemian

--
A.Nazemian