metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Otto Fowler <ottobackwa...@gmail.com>
Subject Re: [DISCUSS] Pcap query branch completion
Date Mon, 13 Aug 2018 13:21:07 GMT
- Job cleanup/TTL

Documented at least, or a helper script to help yourself if you are in a
situation


- Expose the Query filter (vs Fixed) in the UI

Follow on


- Date range limits on queries

I don’t see how this won’t be immediately required. I would do this for
minimum viable.


- Pcap query as a separate UI

Follow on


- UI should manage a queue/history of jobs

Follow on, but maybe we need documentation


- BPF filtering

This is going to be a PITA, follow on


- Sharing PCA jobs with other users

Follow on


- Provide a way in the UI to populate a pcap query from an alert/metaalert

Follow on


- Documentation/blueprint for YARN configuration

Should have

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message