metron-dev mailing list archives

From Nick Allen <n...@nickallen.org>
Subject Re: Cloudtrail use case
Date Fri, 06 Oct 2017 12:44:32 GMT
Yes, agreed, Justin.  I guess my main point to Laurens was meant to be that
the actual destination of the use case should be the least of our worries.
However Laurens wants to write it up will work. If you type it up, throw it
in an envelope, seal it with a stamp, and physically mail it to me, I will
make sure it lands in the right place. :)



On Thu, Oct 5, 2017 at 9:20 PM Justin Leet <justinjleet@gmail.com> wrote:

> I know we've had discussions about migrating stuff into docs before.  It
> might be worth resurrecting a more use case focused version of that,
> instead of starting on the wiki.  I assume the end goal is availability in
> the site-book, so even if it's not in a perfect place, I'd rather the
> effort be spent on making it pretty there.
>
> I think there's a few floating around that could use a home, so the
> discussion might make life easier for multiple things.  Some from the wiki,
> some from random READMEs we could relocate and link, some from
> presentations and so on.
>
> Having said all that, I know discuss threads can take a few days to
> resolve, so wiki and then convert might be the lesser of two evils.
>
>
> On Thu, Oct 5, 2017 at 6:54 PM, Nick Allen <nick@nickallen.org> wrote:
>
> > We don't really have a location in the source code for use cases like
> > this right now.  But I think it is so important that we get use cases like
> > this published somewhere.  For now, you could add this to the Wiki.  Then
> > later on we can figure out how to handle that.
> >
> > On Thu, Oct 5, 2017 at 6:49 PM, Laurens Vets <laurens@daemon.be> wrote:
> >
> > > On 2017-10-05 15:45, Laurens Vets wrote:
> > >
> > >> Hi,
> > >>
> > >> Would anyone be interested in adding a full AWS Cloudtrail use case to
> > >> the Metron documentation? It would roughly consist of:
> > >> - Apache NiFi configuration to retrieve Cloudtrail logs from S3 and
> > >> send it to Metron via Kafka.
> > >> - Complete Metron sensor configuration (enrichment, alerting, etc...)
> > >> for this.
> > >>
> > >
> > > Sent too soon :(
> > >
> > > If anyone would be interested in this documentation, where would add
> > > this in the source?
> > >
> >
>
