metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Allen <>
Subject Re: [DISCUSS] Bro Zeppelin dashboards
Date Wed, 01 Mar 2017 13:46:38 GMT
Will the dashboard be focused on all Bro inputs or just one, like DNS?

On Wed, Mar 1, 2017 at 8:21 AM, Justin Leet <> wrote:

> Similar to the YAF dashboard from https://issues.apache.
> org/jira/browse/METRON-676, it would be nice to have a similar Zeppelin
> dashboard for Bro.
> Couple topics we can include
>    - Number of total queries per hour
>    - Geo-location frequency
>    - Top sites requests vs non-top requests
> The Alexa requests tie in with https://issues.apache.
> org/jira/browse/METRON-709, specifically the part about modifying Bro
> configs to use the data.  There's been some discussion on where that lives
> and how it's managed, so we won't be able to do much with it right now.
> Is there anything else we'd consider essential in our first pass?  Or
> anything we'd like to iterate on in the future? I'm not an expert in how
> Bro data actually looks in practice, so I'd love to get some input on
> features that would be nice to have.
> For these types of dashboards, there's also the question of, using top
> sites as an example, of "If this user doesn't have top sites data, is there
> anything we can do in Zeppelin about hiding or not displaying that
> paragraph?". I don't believe there's a built in way to handle that (but
> again, I could be wrong), so it might involve being a bit more verbose in
> what we actually do in the paragraphs.
> Justin

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message