metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Sirota <>
Subject Re: [DISCUSS] Is there a reason for separate Management & Alerts UIs?
Date Wed, 04 Oct 2017 20:13:39 GMT
At some point in the future we may think about converging them because functions like defining
threat rules and setting up profiles may overlap the SOC and ops personnel.  But as you said,
the initial intent was that the two UIs target two different user personas. 

02.10.2017, 11:35, "Nick Allen" <>:
> I think the main reason historically is that each UI has different use
> cases and user roles. The Management UI will mainly be used by an Security
> Platform Engineer, while the Alerts UI will be used by a SOC Analyst,
> Investigator or Manager.
> That being said, I am not against a single, unified UI, as long as it is
> paired with appropriate role based access controls.
> On Thu, Sep 28, 2017 at 12:10 PM Laurens Vets <> wrote:
>>  As the subject says, is there a specific reason to have the Management &
>>  Alerts UI separate?
>>  Having another option under "Operations" called "Alerts" in the
>>  Management UI seems to make more sense to me... If it's because they are
>>  called Management UI and Alerts UI, maybe we should make it more general
>>  and name it Metron UI?

Thank you,

James Sirota
PPMC- Apache Metron (Incubating)
jsirota AT apache DOT org

View raw message