metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Leet <justinjl...@gmail.com>
Subject [DISCUSS] Bro Zeppelin dashboards
Date Wed, 01 Mar 2017 13:21:38 GMT
Similar to the YAF dashboard from https://issues.apache.
org/jira/browse/METRON-676, it would be nice to have a similar Zeppelin
dashboard for Bro.

Couple topics we can include

   - Number of total queries per hour
   - Geo-location frequency
   - Top sites requests vs non-top requests

The Alexa requests tie in with https://issues.apache.
org/jira/browse/METRON-709, specifically the part about modifying Bro
configs to use the data.  There's been some discussion on where that lives
and how it's managed, so we won't be able to do much with it right now.

Is there anything else we'd consider essential in our first pass?  Or
anything we'd like to iterate on in the future? I'm not an expert in how
Bro data actually looks in practice, so I'd love to get some input on
features that would be nice to have.

For these types of dashboards, there's also the question of, using top
sites as an example, of "If this user doesn't have top sites data, is there
anything we can do in Zeppelin about hiding or not displaying that
paragraph?". I don't believe there's a built in way to handle that (but
again, I could be wrong), so it might involve being a bit more verbose in
what we actually do in the paragraphs.

Justin

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message