metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cestella <...@git.apache.org>
Subject [GitHub] incubator-metron pull request #142: METRON-204: Field Transformation Domain ...
Date Mon, 13 Jun 2016 22:05:29 GMT
Github user cestella commented on a diff in the pull request:

    https://github.com/apache/incubator-metron/pull/142#discussion_r66877352
  
    --- Diff: metron-platform/metron-common/src/main/java/org/apache/metron/common/aggregator/Aggregators.java
---
    @@ -18,18 +18,21 @@
     
     package org.apache.metron.common.aggregator;
     
    +import org.apache.metron.common.utils.ConversionUtils;
    +
     import java.util.List;
     import java.util.Map;
     import java.util.function.BinaryOperator;
     import java.util.function.Predicate;
     
     public enum Aggregators implements Aggregator {
    -   MAX( (numbers, config) -> accumulate(0d, (x,y) -> Math.max(x.doubleValue(),y.doubleValue()),
numbers))
    -  ,MIN( (numbers, config) -> accumulate(0d, (x,y) -> Math.min(x.doubleValue(),y.doubleValue()),
numbers))
    -  ,SUM( (numbers, config) -> accumulate(0d, (x,y) -> x.doubleValue() + y.doubleValue(),
numbers))
    +   MAX( (numbers, config) -> accumulate(0d, (x,y) -> Math.max(x.doubleValue(),y.doubleValue()),
numbers, config))
    +  ,MIN( (numbers, config) -> accumulate(0d, (x,y) -> Math.min(x.doubleValue(),y.doubleValue()),
numbers, config))
    +  ,SUM( (numbers, config) -> accumulate(0d, (x,y) -> x.doubleValue() + y.doubleValue(),
numbers, config))
       ,MEAN( (numbers, config) -> scale(SUM.aggregate(numbers, config), numbers, n ->
true))
    -  ,POSITIVE_MEAN( (numbers, config) -> scale(SUM.aggregate(numbers, config), numbers,
n -> n.doubleValue() > 0))
    +  ,POSITIVE_MEAN( (numbers, config) -> positiveMean(numbers, config))
       ;
    +  public static String NEGATIVE_VALUES_TRUMP_CONF = "negativeValuesTrump";
    --- End diff --
    
    I noticed an issue with threat triage in-that we have no ability to cause a particular
rule to trump the rest.  For instance, if you have rules 1 through 5, but if you hit rule
5, you want to make sure that the triage level is very high.  For that use-case, if you associate
a negative value with a triage rule, the aggregators will return +Infinity.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message