metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Otto Fowler <>
Subject Re: [DISCUSS] Pcap query branch completion
Date Mon, 13 Aug 2018 13:21:07 GMT
- Job cleanup/TTL

Documented at least, or a helper script to help yourself if you are in a

- Expose the Query filter (vs Fixed) in the UI

Follow on

- Date range limits on queries

I don’t see how this won’t be immediately required. I would do this for
minimum viable.

- Pcap query as a separate UI

Follow on

- UI should manage a queue/history of jobs

Follow on, but maybe we need documentation

- BPF filtering

This is going to be a PITA, follow on

- Sharing PCA jobs with other users

Follow on

- Provide a way in the UI to populate a pcap query from an alert/metaalert

Follow on

- Documentation/blueprint for YARN configuration

Should have

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message